These victims of the virus, which is being described as a worm with Trojan capabilities, are likely Microsoft Windows users who are being sent to a custom Internet Relay Chat (IRC) channel without their knowledge. Once there, victims' personal data -- ranging from e-mail address book lists, operating system preferences and registration numbers to passwords and form data (including stored credit card information) -- can potentially be retrieved from the PC by the virus writer without the victim's knowledge.
PrettyPark is the first known worm with Trojan capabilities and its very own custom IRC channel.
"This virus took months to write, and its creator put a great deal of effort into it," says Steve Trilling of Symantec (Nasdaq:SYMC). "But it only took us 15 minutes to come up with the cure."
However, consumers are being hit harder by the virus because they are less likely than large companies or businesses to update their anti-virus software, and more likely to open and run executables sent by what appear to be family or friends.
Spread via e-mail
The virus is spread when PC users open an attached e-mail program file named "PrettyPark.EXE".
When executed, it may display the Windows 3D pipe screen saver while it creates and sends duplicate files of itself to e-mail addresses listed in the user's Internet address book. PrettyPark will run this routine every 30 seconds, without the user's knowledge. It will also connect to the custom IRC channel while the PC owner is on the Internet or reading e-mail while connected to a remote server.
So far, only Windows-based systems seem to be vulnerable. The virus is definitely spreading, and anti-virus software manufacturers expect to see more victims in the IRC chat rooms.
Protecting yourself
In order to protect themselves from PrettyPark and other viruses, PC users should update their anti-virus software and avoid opening e-mail attachments.
Researchers are trying to determine whether other e-mail programs, such as Eudora and Lotus Notes, are vulnerable. At present, the Mac and Linux operating systems do not seem to be affected.







