bodyType

customContents

entityId

entityUuid

articlePageQuery

filter

article

articleBaseAdvertisingInfoArticle

articleListArticle

articleSeoArticle

hooksArticleAcknowledgementGateOverlayArticle

hooksTrackPageViewArticle

hooksContentInterestArticle

articleLinkingDataContent

hooksAmpRedirectArticle

articleSchemaContent

liveArticle

advertZone

sentiment

contentLock

topics

types

sections

paywallTypes

createdDate

publishedDate

sponsorType

urlAlias

moreOnThisArticles

commentCount

authorLocations

authors

corrections

displaySlideShow

multimediaEmbed

printHeadline

seriesContainer

articleSpeeches

socialHeadline

headline

images

flag

firstTopic

glossary

flattenTypeIds

image

relatedLinks

relatedNewsletters

__typename

sponsor

pdfFiles

seriesReverseOrder

series

disableOffPlatformContent

published

updatedDate

summary

subHeadline

body

keywords

readingTime

customTimezone

liveContents

A computer virus that may have been written by a Hong Kong user has hit Macintosh users.

 The virus - 9805 AutoStart worm, or Desktop Print Spooler, attacks and corrupts files on Power Macintosh systems.

 It was first discovered in April in Hong Kong and has since spread to Singapore and Taiwan, IT Daily reported.

 There are only about 30 known viruses for the Macintosh, compared with thousands for DOS and Windows. No new Mac virus had been discovered for several years.

 The virus is a 'worm', a self-contained and self-propagating program rather than one which attaches itself to another program.

 The 9805 Autostart worm initially was spread through CDs using QuickTime's auto-play function.

 Most reports claim the virus originated in Hong Kong, but some say it came from the mainland.

 Mac repair shop Uptown Solutions' technical director Jim Ting says the virus began to spread about the same time as the OS 8.1 upgrade.

 Mr Ting said the worm's author had been hard at work since then.

 'Actually we have found three versions. The first two versions make your computer run slower,' he said, blaming the disappointing performance from the latest version of the Mac OS on the introduction of the worm.

 The virus attempts to infect any hard disk, floppy or removable drive the computer comes into contact with, including volumes mounted over office computer networks, Mr Ting says.

 The worm may not damage data but the amount of CPU time the program takes when looking for volumes to infect can bring the machine to a grinding halt.

 Initial reports described the worm as PowerPC-specific and only transmitted through QuickTime's autostart function. However, several non-PPC servers at the South China Morning Post have been infected. None had QuickTime installed.

 The latest variant, autostart worm 9508 C, is more vicious. 'The newly found version may damage some graphics files,' Mr Ting said.

 The worm specifically looks for TIFF and EPS file formats, overwriting portions of the file with random data.

 Virex can provide definitions to remove the latest versions. Uptown Solutions' stand-alone application Eradicator also will do the job.

 The application is free and can be downloaded from Uptown's Web site (www.up town.com) or from the Hong Kong Mac Users Group (www.

hkmug.org.hk). Wormfood 1.2.1 also will handle all three variants.



Worm jamming up Mac works