A virus urging the legalization of marijuana has gotten pot fans smoking mad, prompting angry posts from not-so-mellow victims to Marijuana.com, a website that bills itself as "The Internet's Answer to the Drug War". (Marijuana.com has stated that it is not affiliated with the virus or its creator, and has reportedly had to resort to firewall protection to fend off angry attackers as a result of the virus.) Written in Visual Basic 6, the worm affects Microsoft® Windows users only.
The Marijuana worm sets the Internet Explorer start page to http://my.marijuana.com and the Internet Explorer title bar to "Marijuana Explorer (LEGALIZE IT!!!)". As if this were not enough unwelcome advertisement for the hapless victim, the worm also changes the Windows® registered owner name to "Im A Pot Head!" and the organization to "Stoner's Pot Palace". Each day at 4:20 p.m., the virus displays a message, "Its 4:20, Time to toke up :)"
To further advertise its presence, and its message, the email-borne worm adds an icon of the familiar five-leafed foliage to the system tray:

When the icon is clicked, the following message is displayed:

The worm emails itself to users listed in the Windows address book, with the subject line "check this out!!!" and an attachment named system32.exe. While typically spread via email, at least one person was infected by downloading what appeared to be a game titled Dope Crop (Weed Farmer). The file was downloaded from a file-sharing application. (See The Gnu Virus Share for info on other file-sharing viral exploits).
When run, the worm creates a copy of itself named SYSTEM32.EXE in the Windows directory and modifies the WIN.INI and registry to load itself on startup.
WIN.INI modifications:
[windows]
load="C:\Winnt\SYSTEM32.exe
open="C:\WINDOWS\SYSTEM32.exe"
[winnt]
load="C:\Winnt\SYSTEM32.exe
open="C:\WINDOWS\SYSTEM32.exe"
Registry modifications:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SYSTEM32=C:\Windows\SYSTEM32.exe
To remove the Marijuana worm from your system, delete modifications made to the registry and WIN.INI file, reboot the system, then delete the system32.exe file.
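Before deleting anything, it helps to confirm which startup entries actually point at the worm's copy. The following is an added example, not code from the original article: a small Python check that scans WIN.INI text and a set of Run-key values for the entries listed above. The function names and the sample data are assumptions constructed for illustration.

```python
import ntpath
import re

# Indicators from the write-up above: the worm's copy is a file named
# SYSTEM32.EXE, started from load=/open= lines in the [windows] and [winnt]
# sections of WIN.INI and from a Run value named SYSTEM32.
WORM_FILE = "system32.exe"
INI_SECTIONS = {"windows", "winnt"}
INI_KEYS = {"load", "open"}

def worm_targets(value):
    """Return the entries in a startup value whose file name is SYSTEM32.EXE."""
    # Accepts several programs on one line and a missing closing quote.
    # A program inside the real system32 directory is not a match.
    entries = re.findall(r'"[^"]*"?|[^\s,"]+', value)
    paths = [e.strip('"').strip() for e in entries]
    return [p for p in paths if ntpath.basename(p).lower() == WORM_FILE]

def scan_win_ini(text):
    """Return (line_no, section, key, path) for each suspicious startup entry."""
    hits, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if sep and section in INI_SECTIONS and key in INI_KEYS:
            hits += [(no, section, key, p) for p in worm_targets(value)]
    return hits

def scan_run_values(values):
    """values maps Run-key value names to their data (e.g. from an export)."""
    return sorted(n for n, d in values.items()
                  if n.lower() == "system32" or worm_targets(d))

# Constructed sample data, not captured from an infected machine.
SAMPLE_INI = r'''[windows]
load="C:\Winnt\SYSTEM32.exe
open=C:\WINDOWS\system32\legit.exe, "C:\WINDOWS\SYSTEM32.exe"
[fonts]
load=C:\WINDOWS\SYSTEM32.exe
'''
SAMPLE_RUN = {"SYSTEM32": r"C:\Windows\SYSTEM32.exe",
              "Updater": r"C:\WINDOWS\system32\updater.exe"}
```

The check keys on the file name rather than the full path, so it distinguishes the worm's SYSTEM32.EXE file from legitimate programs stored in the system32 directory.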
The Marijuana worm, a.k.a. W32/Marijuana and W32/Mari@mm, is not the first virus that attempts to persuade those infected that it means no harm. The VBS/Staple virus apologized to its victims while spreading its infection with a political message detailing the plight of Palestinian children reportedly being killed by Israeli soldiers. Politics aren't the only venue of virus writers. Viral marketing techniques have resulted in viruses such as Homepage, which directed the infected user's browser to various porn sites on the Internet.