Audio/Video

Over one-fifth of home and office personal computer (PC) users using e-mail have knowingly opened an unknown e- mail attachment out of sheer curiosity, exposing themselves and others to e- mail borne viruses, according to a survey conducted by Central Command. The survey, titled 'Are You Practicing Safe Computing', was e-mailed to over a 750,000 PC users worldwide and explored individual's computer security settings and behaviours with known computer security vulnerabilities. With a 12 per cent response rate, the survey represents a cross-section of PC users that exist today.

A new permutation of the Code Red II worm was discovered on Friday, and one expert says that Code Red is now unlikely ever to disappear.

The new variant has been dubbed CodeRed.d, and exploits the same Index Server flaw in Microsoft's Internet Information Server (IIS) software as the initial Code Red. According to Roger Thompson, technical director of malicious code research at antivirus firm TruSecure, who detected the variant, the appearance of a new worm indicates that we are stuck with the Code Red problem "forever."

The first sign of a problem surfaced when a window popped up on my computer screen. It told me I had a computer virus lurking in one of my e-mails.

I can't repeat what blurted out of my mouth.

But just the thought of a virus sent chills running up my spine.

Fortunately, I had Norton Anti-Virus software working in my computer. The software identified the virus and wouldn't let it activate in my computer.

I simply deleted the e-mail. End of problem - or so I thought.

The virus W32.Magistr.24876@mm has found yet another lame trick to spread its files using yet another stupid socially engineered message.

The subject line says "What I was... " and the body of the message says "Think it would be somewhat easier to get some friends of mine to see this movie with me. "C'mon guys, Rachel Liegh Cook is in it! My buddies just give me this wierd look like I just asked them to go to a birthday party at Chucky Cheese's.....".

On July 19, 2001 more than 359,000 computers were infected with the Code-Red (CRv2) worm in less than 14 hours. At the peak of the infection frenzy, more than 2,000 new hosts were infected each minute. 43% of all infected hosts were in the United States, while 11% originated in Korea followed by 5% in China and 4% in Taiwan.

The SirCam worm/virus combo has now been asking your "advice" for almost a week. But even when it infects an FBI computer, it's not getting any more dangerous - just more embarrassing. Proving that even professionals can spread computer diseases, a researcher in the FBI's online security unit accidentally helped send SirCam across the globe on Tuesday.

An e-mail worm sweeping the Internet has infected at least one computer in the FBI's National Infrastructure
Protection Center.

Messages containing the SirCam worm were sent from an FBI.gov account of a NIPC special agent this morning to
several private-sector security professionals, including the operators of the Safemode defacement archive.

The stories on the spread of the Red Alert worm are taking up most of the headlines on the major news wire services. Here is a sampling of all the articles that you can click on to read that were released just this morning. I expect this number will quadruple as the day goes on and the media start flooding the world with Red Alert stories...

Sophos, a world leader in corporate anti-virus solutions, today announced that it has detected and protected against 6,127 new viruses in the first six months of 2001. In the same period, calls to Sophos's customer helpdesk suggested that those viruses which demanded the most media attention, were not necessarily those causing the biggest problem.

The following information was researched by Ryan Permeh (ryan@eeye.com and
Marc Maiffret (marc@eeye.com of eEye Digital Security.
We would like to specially thank Matthew Asham of Left Coast Systems Corp
and Ken Eichman of Chemical Abstracts Service for providing us with logs and
needed data to make this analysis possible.Introduction
------------