A new variant of the Lovgate worm has been discovered infecting PCs globally, according to security bulletins by major security firms including Symantec and McAfee.
First discovered in February 2003, the Lovgate worm spreads by e-mailing itself to addresses found on infected PCs. Once inside a machine, the worm opens a "back door" to allow an attacker inside. In addition, Lovgate scans PCs for executables and replaces them with further copies of itself.
Internet-based business disruptions triggered by worms and viruses are costing companies an average of nearly $2 million in lost revenue per incident, market researcher Aberdeen said on Tuesday. Out of 162 companies contacted, 84 percent said their business operations have been disrupted and disabled by Internet security events during the last three years. Though the average rate of business operations disruption was one incident per year, about 15 percent of the surveyed companies said their operations had been halted and disabled more than seven times over a three-year period.
Virus writers are distributing viral source code with the latest version of the Bagle virus series, Bagle-AD. Much like its 29 predecessors, Bagle-AD is a mass-mailing worm that is packed using UPX file compression. IT comes in the form of a password-protected .ZIP file, with the password included in the message body as plain text or within an image. The ZIP file contains an executable with the extensions EXE, COM or SCR. After being executed, Bagle-AD emails itself, using its own built-in SMTP engine to addresses harvested from an infected PC.
Like its predecessors, Lovegate.ad@MM is a mass-mailing worm that spreads through e-mail and network file sharing and by exploiting a previously disclosed vulnerability in the remote procedure call interface in multiple Windows versions.
Last year's widespread Blaster worm took advantage of the same flaw.
The worm drops a back door on infected systems and also tries to propagate itself on other systems using a variety of methods, including mailing itself using its own SMTP engine, according to the McAfee advisory.
Mobile operators have six to twelve months to prepare for a major phone computer virus because of the continued proliferation of Java-powered devices.
Trevor Brignall, director of business development of Capgemini's telecom, media and entertainment practice, believes that as the number of Java phones expands they will become a target for hackers.
"Increasingly, most of the phones coming out will carry Java and, once it gets to over 150 million, that's an attractive target for hackers," he predicted.
The Hungarian Zafi computer worm accounted for almost a third of all viruses spread during June, according to security experts. Zafi-B, which first appeared on 11 June, spreads via peer-to-peer file-sharing systems and email using a wide variety of different languages. The worm, like an earlier variant Zafi-A, calls for changes to Hungarian legislation, with the text: 'We demand that the government accomodates the homeless, tightens up the penal code and votes for the death penalty to cut down the increasing crime'.
A leading information technology security company has played down the risk posed by the new Evaman mass-mailing worm, but warned it could still be of nuisance value to Australian users.
Symantec senior technical director Tim Hartman said as yet, the security company rated Evaman only a level two threat (the highest being level five) and acknowledged the worm was not as widespread in Australia as previously expected.
A virus can transmit previous IM conversations to a user's buddy list without his or her consent - and with disastrous consequences.
Virus attacks are not yet frequent on instant-messaging applications, but the latest threat is likely to send a shiver down the spine of all IM users. A businessman whose computer had been infected by a virus found that his entire buddy list had been sent a record of all his IM conversations, said Derek O'Carroll, managing director of IM software vendor IMLogic yesterday.
Web surfers are no longer playing Russian roulette each time they visit a website, security researchers say, now that a far-reaching internet attack has been disarmed.
The attack, which had turned some websites into points of digital infection, was nipped in the bud on Friday, when internet engineers managed to shut down a Russian server that had been the source of malicious code. Compromised websites are still attempting to infect web surfers' PCs by referring them to the server in Russia but that computer can no longer be reached.
A mysterious Internet virus being spread Friday by hundreds and possibly thousands of infected Web sites may be aimed at stealing credit card and other valuable information, security experts warned.
The infection appears to take advantage of three separate flaws with Microsoft Corp. products. Microsoft said software updates to fix two of them had been released in April, but the third flaw was newly discovered and had no patch to fix it yet.
