By Julian Matthews, Newsbytes
KUALA LUMPUR, MALAYSIA,
03 Nov 2000, 3:12 PM CST
Malaysia's national budget speech, available online at a
Web site, is infected with a virus that may overwrite Microsoft Word
and add in rude comments against Prime Minister Mahathir Mohamad.
Local virus expert Looi Hoong Thoong confirmed that the document at the
official Finance Ministry Web site is infected by the Hampehs virus,
to be of local origin.
"This is probably a made-in-Malaysia macro virus. The virus will overwrite
Microsoft Word document files and add in very rude comments in .doc files
against the Prime Minister," he said.
The infected document was posted online last Friday to coincide with a
read by the Finance Minister Daim Zainuddin in parliament. Ironically, the
speech was mainly directed at improving PC literacy among Malaysians.
At press time, the infected document was still downloadable at
http://www.treasury.gov.my/englishversion/index.html . Only the English
of the speech is infected and is part of three Word files contained in an
executable file txtbud2001.exe. It could not be immediately ascertained how
many users had already downloaded the file and how the file was infected.
Code within the document directs users to a Web site, hampehs.cjb.net, in
which a "Mr DingDang" claims authorship for the virus.
Written in colloquial Malay, the virus writer said he created the virus,
among other reasons, because he was "unsatisfied with the present
government" and wanted to express contempt for the prime minister.
Mahathir has been at the receiving end of virulent criticism by various Web
sites ever since the sudden sacking of deputy Prime Minister Anwar Ibrahim
September 1998, and his subsequent arrest and conviction on corruption and
DingDang claims he created the "harmless" virus in a week in October 1999
while learning the Visual Basic language and that it is the same one
both the McAfee Anti-virus site and Symantec Antivirus Research Center
W97M.Shepmah, documented since January this year.
The virus is described as "low-risk". If executed on Feb. 25, the virus
payload added to autoexec.bat file that renames "Program Files" and
folders to "tempt1" and "tempt2". It will also display a dialog box, which
cycles through seven different messages from the virus writer that contains
the anti-Mahathir commentary.
Looi, the creator of anti-virus program V-Buster, believes the virus was in
the Web server or on the computer on which the speech was typed a long
time ago and probably "passed from department to department."
He counts various government departments and agencies among his clients
that have complained of such virus attacks.
"One government agency recently brought their server to me for cleaning
found almost every file was infected. There were between 30 to 40 different
viruses," he said.
Penang-based Looi reckons that although the agency used a well known
anti-virus program it was ineffective, as most US-based anti-virus
miss Malaysian-made viruses.
He vouches that V-Buster can detect and inactivate the Hampehs virus,
parts of documents with the rude comments will have to be manually removed
from each Microsoft Word document.
Looi said Malaysian-made viruses have been around for a long time although
this may be the first one written with political motivations. "Many virus
writers leave no signature and their origins cannot be verified. The first
Malaysian-made virus may have been Counter Warfare, a destructive boot
virus, which appeared in 1990."
Others examples go by the names Fellowship, Black Monday, FSKSM, BUSM,
Malaysia98 and possibly, Ada.
Looi believes the viruses are created by teen-agers or college students,
mainly for the challenge of seeing how far they will spread. They are
written with virus generator programs easily downloaded from the Net.
He said the first Malaysian macro virus was probably FSKSM, written by a
student from University of Malaya, the leading university in the country.
"When you open an infected file it will ask 'Are you a Faculty of Science
student'. It opens if you type 'Yes' but causes the computer to hang if you
type 'No'. This virus caused more than 60 percent of the computers in the
university to shut down at one stage," he said.
Virus writing in Asia may be on the rise with growing Internet use and
software literacy rates. Two high-profile incidents that caused global
were the CIH, or Chernobyl virus created by Chen Ing-hau, a former computer
engineering student in Taiwan, and the "I Love You" virus created by Onel
Guzman, a former computer student from the Philippines.
Reported by Newsbytes.com, http://www.newsbytes.com .
(20001103/WIRES TOP, ONLINE, BUSINESS, PC, ASIA/VIRUS/PHOTO)