Pretty Park virus returns, sparking email storms

A cartoon-themed Trojan horse that first hit the net last June is back in the wild.

Pretty Park -- often called the South Park virus after the icon of Kyle, a character from Comedy Central's "South Park" adult cartoon -- has attacked companies, universities and other organisations in North America. Samples have also been found in the UK and Europe.

The version circulating now is similar to the one that appeared in June, except that it arrives uncompressed, said Kelly Shall, a spokeswoman for Network Associates.

The variant strikes Outlook Express users on all Windows platforms, arriving as an email attachment called Pretty Park.exe with the subject line "C:/coolprogs/prettypark.exe." Once the attachment is launched, the strain attempts to email itself every 30 minutes to everyone in the user's email address book, creating an "email storm", Shall said.

It also attempts to connect to an Internet Relay Chat (IRC) channel, possibly enabling the Pretty Park author to collect information such as the computer name, registered owner, system root path, Dial Up Networking username and passwords.

An IRC channel allows users to sign on, log in and select the channel or room they want to chat in.

The antivirus firm first noticed Pretty Park's return in mid-February but only classified it as a serious risk as infection rates increased. Shall said hundreds of companies, including a dozen Fortune 1000 companies, have reported Pretty Park but haven't suffered an actual system crash. She declined to identify the companies that were hit.