Local print shops suffer Hong Kong virus

The public might be fretting about chicken flu or the Asian Contagion this winter, but New Zealand print bureaux, film houses and designers have been hit by another kind of Hong Kong virus. The Autostart 9805 Worm, the first new virus to attack the Macintosh platform in two years (apart from the usual Microsoft Word macro viruses) showed up here about two weeks ago. It originated in Hong Kong, where almost all ad agencies, output bureaux, publishing houses, and printers have been infected.

The public might be fretting about chicken flu or the Asian Contagion this winter, but New Zealand print bureaux, film houses and designers have been hit by another kind of Hong Kong virus.

The Autostart 9805 Worm, the first new virus to attack the Macintosh platform in two years (apart from the usual Microsoft Word macro viruses) showed up here about three weeks ago. It originated in Hong Kong, where almost all ad agencies, output bureaux, publishing houses, and printers have been infected.

The virus probably came into this country on a disk of scans or documents for use in a print publication. Marcus Radich, senior consultant with the Auckland company MediaTech, which contracts to Apple Computer, says he has disinfected nearly 100 Power Macintosh machines.

"As soon as [the virus] goes into a service bureau or a film house, every disk it handles thereafter gets an attachment loaded onto it by the virus," says Radich. "It comes back to the designer, goes into their machine and the QuickTime Autostart feature of the Macintosh autostarts that attachment and loads the virus into the Extensions folder. It's quite effective."

In its initial stage, the virus triggers excessive disk activity every 30 minutes. It later overwrites the data forks of certain files, including a number of graphics file formats.

Radich says many Mac users have become complacent about viruses.

"You get a virus every 10 minutes appearing on the PC, and PC users are used to rebuilding their computers anyway, because of Windows, so they don't mind. Mac users tend to just have SAM loaded with two year old virus definitions and think they're safe."

The virus installs an invisible application called "DB" onto a disk, which in turn creates an invisible file called "Desktop Print Spooler". These should not be confused with the legitimate MacOS files "Desktop DB" and "Desktop Printer Spooler".

The files can be searched for using the "visibility" attribute in Find File, which is invoked by clicking on the left-hand pop-up menu while holding down the option key. Infection can be prevented by turning off the CD-Rom Autostart feature in the QuickTime settings control panel.

Radich says he has been manually removing the files, but vendors major anti-virus programs have released updates for the new virus. There have been some reports of directory damage from the updated Norton Anti Virus, he says, but Dr Solomon's Virex is effective.

Apple Computer spokesman John Holley says news of the virus has gone out in technical bulletins, and users can download a program called Eradicator, which was written specifically to remove the virus, from Apple's Website at www.apple.co.nz.

Join the newsletter!

Error: Please check your email address.
Show Comments

Market Place

[]