Even cybercriminals get into the holiday spirit. Over the years, network administrators have dealt with the likes of the CHRISTMA EXEC, the Father Christmas worm, and the Santy worm when they would have rather been drinking eggnog. In December 2000, those in the know were taking precautions to ensure the W32.Kriz virus didn’t turn their computers in a lump of coal.
First identified in August 1999, Kriz was programmed to remain dormant on a computer until Dec. 25, at which point it launched a payload affecting machines running Windows 9x/NT. Kriz infected Portable Executable (PE) Windows files, as well as damaged the operating system file KERNEL32.DLL and the BIOS of a PC, causing computers not to boot up. Kriz was considered a mutant form of the CIH or Chernobyl virus, which was also a “space-filler” that lay dormant within a system until a programmed date.
Kriz did initial damage on Christmas 1999, but media attention was prevalent in 2000 because it was thought that—you guessed it—many computer users would not have taken advantage of security updates in the interim.
Kriz frequently traveled with other viruses, such as Happy99, one of the first email worms. An innocent-seeming attachment, such as a fireworks animation, would carry with it a damaging virus.
Media coverage seems to have kept Kriz from stealing too many Christmases. Computer users had plenty of warning to install security patches before Dec. 25, and there were few reports of Kriz-related damage. The virus reappeared in 2001 on the Japanese version of a Sega Dreamcast role-playing game.
Did you enjoy this installation of SmarterMSP’s Tech Time Warp? Check out others here.
Photo: Lightspring / Shutterstock