Viruses & Malware

A new worm that hit users this week is a perfect example of the future of malicious code, said Panda Software Friday. And that future looks ominous.

The worm, dubbed "Eyeveg.d" by Panda (but Bugbear.b by Sophos, Lanieca.b by Symantec) is a sophisticated hybrid that spreads like a worm but conducts Trojan-style actions against the compromised computer.

Eyeveg.d infects a PC using an .exe file, a typical tactic of worms, and spreads itself to other machines by hijacking e-mail addresses and mailing itself to others.

Malware, whether it be spyware, adware or viruses, has been the focus of many recent studies conducted by the media, universities and vendors. And despite their differences, the studies consistently show that anti-virus programs can achieve 100% efficacy ratings, while spyware prevention programs can only achieve about 90% efficacy. So what makes spyware so different from viruses? Why is perfect prevention possible for viruses but not spyware? The answer is far from simple, and it involves an understanding of how uninvited software can take up residence on a PC.

The Witty worm, which infected more than 12,000 servers a year ago, came from a single computer in Europe and used a U.S. military base's vulnerable systems to kick-start the epidemic, according to an analysis released by three researchers this week.

Computer users already anxious about viruses and identity theft have new reason to worry: Hackers have found a way to lock up electronic documents and then demand $200 US to get them back. Security researchers at San Diego-based Websense Inc. uncovered the unusual extortion plot when a corporate customer they would not identify fell victim to the infection, which encrypted files that included documents, photographs and spreadsheets.

A ransom note left behind included an e-mail address, and the attacker later demanded $200 for the digital keys to unlock the files.

German security experts claim to have stopped a new variant of the Sober virus that reared its ugly head earlier this month. Sober.Q propagated right-wing hate messages in German and English.

Analysts, however, are somewhat skeptical that this is the end.

After tearing through the Internet earlier this month by promising tickets for the 2006 World Cup in Germany, the Sober-N worm dropped the Sober-Q Trojan on compromised machines and began spewing messages of German nationalism. Now, CipherTrust researchers say, that Trojan will be receiving new instructions that could include a more destructive payload than merely sending out spam.

Somebody has been using city hall computer servers to spread a potentially dangerous virus. Authorities still don't know who planted the electronic "worm", but it has already caused some headaches for local Internet service providers who said they received it by way of city hall among others.

Above all, this underlines the need to stay up to date on your virus and spam protection. As this case proves, sometimes even that is not enough. According to Internet security company Symantec, 35 new viruses have been identified since the beginning of this month.

The cell phone virus Commwarrior recently surfaced in Italy, in a sign that destructiveness of the Symbian OS nemesis is reaching a boil after simmering for months.

As feared, the virus is showing its propensity for spreading. Italy is the third nation in only three weeks to suffer Commwarrior attacks, according to security experts F-Secure. The other nations are India and Oman.

While most people were enjoying a lazy Sunday morning, South Africa was the target of one of the biggest electronic spam attacks to date.

According to anti-virus group Symantec and partner AntiSpam Africa, electronic spam increased by more than 300% on Sunday.

Networks monitored by Symantec quickly reached their maximum capacity even though most people were not at the office. By Monday morning, this figure had nearly doubled as people switched on their computers and started using their e-mail.

Debby Fry Wilson has more than a few reasons and sleepless nights to remember Sasser, the last major network worm to clog Windows systems around the world. t was on her birthday, a year ago this month, when the first Sasser reports started filtering in and, for Wilson and her colleagues at the MSRC (Microsoft Security Response Center), the outbreak presented an opportunity to test a new emergency-response system that had just been implemented by Microsoft.