NEWS FROM THE LAB - Thursday, October 14, 2004

A virus spreading on floppies? In 2004? Posted by Mikko @ 12:57 GMT

Most of the new viruses we keep seeing nowadays are email worms, with the occasional P2P, filesharing or network exploit-based worm thrown in.

So, it's weird finding a virus which replicates by using floppy disks and CD-ROMs. This is exactly how the Bacros virus replicates. Bacros was already found a month ago but we've started receiving more questions on it lately. This virus will copy itself to all floppies it sees. It also attempts to burn itself to CD-R discs (complete with an AUTORUN file, which will run the virus when the CD-R is inserted into another machine).

In addition to spreading on physical media, the virus also works as a companion virus, attacking TXT files. For example, when the virus finds a file called README.TXT, it will make that file hidden and drop a new file called README.EXE in the same directory. The icon for this file makes it look like a normal text file, and when clicked, it will launch the original text file to hide its activities.

Bacros is also unusual because it's destructive. We don't see many directly destructive viruses nowadays; most viruses just try to silently take over your machine instead. Bacros overwrites GIF image files with an image that says "KUOLE JEHOVA" (the message is in Finnish as this virus was apparently written in Finland). And on Christmas day, it will try to delete all files from the system.
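The companion-file trace described above (a hidden TXT file with an EXE of the same name in the same directory) can be checked for with a short script. This is an added example, not code from the original post or from F-Secure; the function names and the sample listing are constructed for illustration, and a match is only a heuristic hint, not a detection of Bacros itself.

```python
import ntpath
import os
import stat
from collections import defaultdict

def find_companion_pairs(entries):
    """entries: iterable of (path, is_hidden) tuples.
    Returns sorted (txt_path, exe_path) pairs where a hidden .txt file
    has an .exe with the same base name in the same directory."""
    by_stem = defaultdict(dict)
    for path, hidden in entries:
        folder, name = ntpath.split(path)      # accepts both \ and / separators
        stem, ext = ntpath.splitext(name)
        # Windows file names are case-insensitive, so compare in lower case.
        by_stem[(folder.lower(), stem.lower())][ext.lower()] = (path, hidden)
    pairs = []
    for found in by_stem.values():
        txt, exe = found.get(".txt"), found.get(".exe")
        if txt and exe and txt[1]:             # the text file must be hidden
            pairs.append((txt[0], exe[0]))
    return sorted(pairs)

def scan_tree(root):
    """Walk a real directory tree on Windows and report suspicious pairs."""
    def entries():
        for folder, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(folder, name)
                try:
                    attrs = os.stat(path).st_file_attributes  # Windows only
                except (OSError, AttributeError):
                    continue
                yield path, bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)
    return find_companion_pairs(entries())

# Constructed sample listing (not taken from a real infected disk).
SAMPLE = [
    (r"A:\README.TXT", True),       # hidden original
    (r"A:\README.EXE", False),      # same-name executable: suspicious pair
    (r"A:\DOCS\notes.txt", False),  # visible text file: ignored
    (r"A:\DOCS\notes.exe", False),
    (r"A:\DOCS\todo.txt", True),    # hidden, but no matching EXE: ignored
]

if __name__ == "__main__":
    for txt, exe in find_companion_pairs(SAMPLE):
        print("hidden", txt, "is shadowed by", exe)
```

On a Windows machine, `scan_tree` applies the same check to a removable drive or folder; on other platforms it returns an empty list because the hidden attribute is not available.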

