The first of what researchers predict could be a spate of new viruses related to the second anniversary of the September 11 terrorist attacks has been spotted.
W32.Neroma@mm, as named by Symantec, spreads through Microsoft Outlook. The message subject line is "It's Near 911." Double clicking the attachment activates the virus, which then attempts to send itself to every listing in the user's Outlook address book.
Eric Kwon, CEO of AV firm Global Hauri, which discovered the virus on Sept. 2, recommends that enterprises block incoming e-mail messages with that subject line. As of Friday, Symantec reported fewer than 50 Neroma infections.
Kwon notes that just days after Sept. 11, the Nimda worm hit the world's computers, causing millions of dollars in damage. The recent onslaught of Blaster and Sobig.F infections demonstrate that networks are every bit as vulnerable now as they were two years ago.
Meanwhile, virus watchers in the U.K. have spotted a virus that criticizes the decisions of British prime minister Tony Blair and attempts to use infected computers to launch a distributed denial-of-service attack against his Web site.
Vendor Sophos says "Quarters" can spread through e-mail, where it is disguised as a message about "account information" and through Internet chat. Also called "Blurt" by Network Associates, the virus disables antivirus, personal firewalls, the registry editor and the task manager.
Graham Cluley, Sophos's senior technology consultant, says the worm overwrites files on the user's computer with the text "Infected by the WIN32.SORT-IT-OUT-BLAIR Virus!" and can display an anti-Blair message.
Up-to-date antivirus software will prevent infection. Sophos recommends filtering executable files at the e-mail gateway.
FOR MORE INFORMATION:
FEEDBACK: Is your enterprise extra vigilant against malicious code in the days leading up to a milestone date like September 11?
Send your feedback to the SearchSecurity.com news team.