Nepali computer virus Sujin that spread from country to country

Oct Mon 2025 02:30:16

The ‘Sujin Virus’ has a special place in Nepal’s cyber history. Although the real name of this computer virus is ‘Worm.VBS.Small.n’, it is more commonly known as the ‘sujin.com.np virus’ or the ‘Sujin Virus’. It got this nickname because it displayed the ‘sujin.com.np’ domain on the computers it infected.

This virus spread terror in various offices and labs, from cyber cafes where you can use the internet for a fee to shops where you can buy storage devices. This incident became an important lesson for Nepali users about cybersecurity, system configuration and how viruses spread through removable storage devices like pen drives.

Alexander Gostev, who is a senior virus analyst at antivirus company Kaspersky Lab, visited Nepal in 2007. He is currently working as the company’s Chief Technology Expert. He bought a CompactFlash memory card for his camera from a photography shop in Thamel.

After a three-week trip to the Himalayan region, he returned to Moscow, Russia, and tried to transfer the photos from the camera to his computer. At that point, he found two hidden files on the card. One of them was ‘autorun.inf’ and the other was ‘VirusRemoval.vbs’. These files confirmed that the Kingston company’s memory card was infected with ‘Worm.VBS.Small.n’. When Gostev analyzed the code of this virus, he found that it redirected the Internet Explorer homepage to ‘sujin.com.np’. The ‘.np’ extension at the end of the domain confirmed that its source was Nepal.

This virus was written in ‘VBScript’. VBScript is a client-side scripting language developed by Microsoft. This virus could modify the registry configuration of the computer.

It spread widely through removable storage devices such as pen drives and memory cards. As soon as the infected storage drive was connected to the computer, the ‘autorun.inf’ file would automatically run a virus script called ‘VirusRemoval.vbs’.

After entering the computer, this virus would hide a copy of itself in the system directory. Then, it would make changes to the Windows registry so that the virus would activate itself when the computer started.

On the infected computer, it would make ‘Sujin.com.np’ appear on both the Internet Explorer homepage and the browser’s title bar (Window Title).

The most annoying part of this virus was that it would disable important system tools such as Task Manager, Folder Options, and Registry Editor. Since these essential tools would not work, it would be extremely difficult to remove the virus from the system.
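The behaviour described above leaves traces a responder can check for: an ‘autorun.inf’ that launches a script, policy values that switch off the system tools, and browser settings naming the domain. The following triage sketch is an added example, not code from the virus or from Kaspersky's analysis; the registry value names are the standard Windows policy values for those tools (the article does not list the ones the worm wrote), and both samples are constructed.

```python
import re

# Script types that a removable drive's AutoRun entry should never launch.
SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd")
# Assumption: standard policy values for the tools the article says were disabled.
LOCKOUT_VALUES = {"disabletaskmgr": "Task Manager", "nofolderoptions": "Folder Options",
                  "disableregistrytools": "Registry Editor"}
BROWSER_VALUES = ("start page", "window title")  # Internet Explorer\Main values

def autorun_script_targets(text):
    """Return script files that open=, shellexecute= or shell command= entries launch."""
    hits = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if not sep or not (key in ("open", "shellexecute") or key.endswith("\\command")):
            continue
        for token in re.findall(r'"[^"]+"|\S+', value):
            token = token.strip('"')
            if token.lower().endswith(SCRIPT_EXT):
                hits.append(token)
    return hits

def registry_findings(reg_text, domain):
    """Scan a decoded .reg export for tool lockouts and browser values naming domain."""
    findings = []
    for m in re.finditer(r'^"([^"]+)"=(.*)$', reg_text, re.MULTILINE):
        name, data = m.group(1).lower(), m.group(2).strip()
        if name in LOCKOUT_VALUES and data.startswith("dword:") and int(data[6:], 16):
            findings.append(LOCKOUT_VALUES[name] + " disabled")
        elif name in BROWSER_VALUES and domain.lower() in data.lower():
            findings.append(m.group(1) + " points to " + domain)
    return findings

# Constructed samples modelled on the behaviour the article describes.
SAMPLE_AUTORUN = "[autorun]\nopen=wscript.exe VirusRemoval.vbs\nshell\\open\\command=wscript.exe VirusRemoval.vbs\n"
SAMPLE_REG = '''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001
[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer]
"NoFolderOptions"=dword:00000001
[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main]
"Start Page"="http://sujin.com.np"
"Window Title"="sujin.com.np"
'''
if __name__ == "__main__":
    print(autorun_script_targets(SAMPLE_AUTORUN), registry_findings(SAMPLE_REG, "sujin.com.np"))
```

Registry Editor writes .reg exports as UTF-16, so decode the file before passing its text to `registry_findings`.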

The most unusual part of this virus was its name and the claim of the developer who created it. The main file of the virus was named ‘VirusRemoval.vbs’, which means ‘virus removal script’. It was created by a person named Sujin Joshi (sujinjoshi@gmail.com). His email and website addresses were mentioned in the code above.

Joshi presented his script as a ‘virus removal program’. He claimed that, instead of damaging the system like other viruses, this script would repair it and even protect it from future viruses. However, it became a headache for users. Many accused Joshi of using it as a means of gaining popularity by disabling important tools like the Task Manager and Registry tool and forcibly displaying his website name in the browser. Later, Joshi himself also released a small program to remove this virus.
