CA Catches Cholera

As if the whole 9/9/99 issue wasn't enough for network administrators to worry about today, Computer Associates Inc. (CA, is warning the industry about a new "wormlike" virus named Cholera. CA reports that it has the potential to overload e-mail servers because it sends itself to e-mail addresses it finds on hard drives.

CA says it has the ability to detect the worm and is calling it "moderately dangerous" because although it's a threat, Cholera hasn't been reported by any CA clients.

According to information from CA's Web site, Cholera poses a dual threat because it is a worm, spreading itself to any e-mail address it can find and then infects those systems with a virus. CA is warning users not to open any strange e-mail attachments -- especially ones with the characters ":)" in the body of the message and a file attachment called "Setup.exe." The file looks like a standard Windows install program except for the attachment icon's color.

The worm becomes resident when the infected system is rebooted and will attempt to copy itself to any shared drives to which the user is connected. The file infects executables in the directory it is launched in with a virus called W32/CTX. When executed, the following message is displayed:

Cannot open file: it does not appear to be a valid archive. If you download this file, try downloading this file again.

CA reports the worm deletes itself from the system once it's sent out. The company says the code to Cholera is from a hacker site in Germany. -- Brian Ploskina

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.