Viruswatch: PrettyPark

Anti-virus companies warned Friday that W32/PrettyPark, a new e-mail worm program with Trojan horse characteristics, poses a potentially high risk to Internet users on Windows-based systems.

Although assessments of PrettyPark's capabilities vary, and damage reports are sketchy, pundits advised users to update their anti-virus programs to guard against the worm/Trojan, which was discovered sometime after May 12.

PrettyPark, also known as Pretty Worm, reaches users' computers as an attached file in an e-mail message, just like the Melissa virus. Once executed, PrettyPark installs itself in the infected system, then sends messages with an attached copy of itself to addresses listed in the Windows Address Book.

PrettyPark attempts to connect to an Internet relay chat server from a list of 13 possible servers, then send a message to a chat user -- enabling its author to gather data on and monitor affected workstations. PrettyPark can then be manipulated as a Trojan Horse, Panda said, to obtain data such as the list of available disks and confidential information such as logins and Internet connection passwords.

Anti-virus firm Panda Software replicated the "potentially high risk" worm/Trojan in its European lab. "It could potentially be very high risk," said executive director Pedro Bustamante. "The interesting thing about this new Trojan is that, unlike Melissa, it doesn't send itself once; it sends itself every 30 seconds."

Trend/Micro, Symantec and Network Associates said they have been unable to duplicate PrettyPark. In a virus alert, Network Associates said PrettyPark was low risk.