HTML Virus Reported

The makers of the AntiViral Toolkit Pro, Central Command has discovered an HTML virus.

Central Command, the US and Canada Distributor of AntiViral Toolkit Pro today announced that detection and removal of the worlds first HTML virus has been added to AntiViral Toolkit Pro.

"Recently we have seen a shift in virus writing. The virus authors are focusing on the World Wide Web as a means of infecting unsuspecting users. With the discovery of WinScript.Rabbit last week and today HTML.Internal we are seeing a changing virus development strategy." Said Keith Peer, President of Central Command.

This new virus searches for HTML files on local hard disks and infects them. To replicate itself the virus uses inline script routines written in Visual Basic. The virus will replicate only if the browser security settings allows script routines to access disk files.

The header of infected HTML file contains the reference for a script which is the viruses main routine that is executed automatically when a browser accesses the infected file. The virus searches for all *.HTM and *.HTML files in the current and all parent directories and infects them. While infecting the virus moves the file down and writes itself to the beginning of the file without any damage for the host file data.

The virus header contains the text ID-line: <html> <!--1nternal-->

After infecting the virus displays the text to the Windows status bar: HTML.Prepend /1nternal

Detection and removal of HTML.Internal is available in the latest version of AntiViral Toolkit Pro released on November 8, 1998. Central Command has made time limited fully functional evaluation versions of AntiViral Toolkit Pro available on it's web site at http://www.avp.com.

Copyright (C) 1998-1999 The Active Network. All rights reserved.
Please click here for full terms of use and restrictions.