Article

New September 11 virus spotted; more on the way?

Keith Regan, Information Security Magazine

The first of what researchers predict could be a spate of new viruses related to the second anniversary of the September 11 terrorist attacks has been spotted.

W32.Neroma@mm, as named by Symantec, spreads through Microsoft Outlook. The message subject line is "It's Near 911." Double clicking the attachment activates the virus, which then attempts to send itself to every listing in the user's Outlook address book.

Eric Kwon, CEO of AV firm Global Hauri, which discovered the virus on Sept. 2, recommends that enterprises block incoming e-mail messages with that subject line. As of Friday, Symantec reported fewer than 50 Neroma infections.

Kwon notes that just days after Sept. 11, the Nimda worm hit the world's computers, causing millions of dollars in damage. The recent onslaught of Blaster and Sobig.F infections demonstrate that networks are every bit as vulnerable now as they were two years ago.

Meanwhile, virus watchers in the U.K. have spotted a virus that criticizes the decisions of British prime minister Tony Blair and attempts to use infected computers to launch a distributed denial-of-service attack against his Web site.

Vendor Sophos says "Quarters" can spread through e-mail, where it is disguised as a message about "account information" and through Internet chat. Also called "Blurt" by Network Associates, the virus disables antivirus, personal firewalls, the registry editor and the task manager.

Graham

    Requires Free Membership to View

Cluley, Sophos's senior technology consultant, says the worm overwrites files on the user's computer with the text "Infected by the WIN32.SORT-IT-OUT-BLAIR Virus!" and can display an anti-Blair message.

Up-to-date antivirus software will prevent infection. Sophos recommends filtering executable files at the e-mail gateway.

FOR MORE INFORMATION:

SearchSecurity.com news exclusive: "Admins doubt arrests deter future worm writers"

SearchSecurity.com news exclusive: "What's in a name? Multiple monikers for worms abound"

Ask the experts

FEEDBACK: Is your enterprise extra vigilant against malicious code in the days leading up to a milestone date like September 11?
Send your feedback to the SearchSecurity.com news team.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: