Viruses & Malware

In studying the effects of last summer's MSBlast worm, some security experts turned to an unlikely source in search of clues to the prevention of computer epidemics: plants.

A new Swen-style Trojan horse posing as a critical update from Microsoft has been detected on the Internet, and users who open the e-mail message may find their machines loaded with a back-door Trojan that can steal passwords or be used in conjunction with other systems to conduct major denial-of-service (DoS) attacks.

A new worm targeting users of Microsoft's (Quote, Chart) MSN Messenger network is making the rounds and anti-virus vendors are warning that the threat level and distribution remains high.

The Jitux.A (W32/Jitux.A.worm) was detected squirming through the text chat application and trying to get users to download malicious code. The worm comes in the form on a URL which downloads the "jituxramon.exe" file.

The year 2003 could best be described as erratic in terms of computer virus activity. Despite being a quiet year on the whole, it has been interspersed with periods of high activity, in particular during the summer months when Blaster, Nachi and Sobig.F were doing the rounds.

Jitux has begun to spread through MSN Messenger, while Quis wreaks Christmas-themed mayhem on Windows PCs

Antivirus experts are warning of a destructive, Christmas-themed email worm and a virus that spreads via MSN Messenger, the popular instant-messaging application.

A self-e-mailing worm is threatening to impose a Sober holiday on individuals and companies alike. The worm created havoc in October by getting into systems and e-mailing itself to every e-mail address it could find. Then a second variant, Sober.B, popped up at the end of last week, attempting to intrigue people with subject lines referencing George W. Bush.

Discover the malicious code that infected millions machines worldwide with insightful comments from people such as Mikko H. Hypponen (Director of Anti-Virus Research, F-Secure Corporation) and Graham Cluley (Senior Technology Consultant, Sophos).

The McAfee Anti-Virus Emergency Response Team (Avert) has today increased its original low-risk threat assessment of the 'moderately prevalent' Sober.c worm to medium risk status.
Sober.c contains its own SMTP engine and targets email addresses that it harvests from the victim machine virus.

Once activated, it emails itself to the user's Microsoft Outlook address book with outgoing messages constructed using its SMTP engine. The messages may be written in either English or German, and the attachment filename can vary.

Hackers and security vendors are engaged in a never-ending game of leapfrog, with the former constantly devising clever viruses and the latter feverishly trying to concoct antidotes. As a result, through the years hundreds of thousands of malignant programs have infected networks around the world. Most have had minimal impact, but a handful have caused hundreds of millions -- even billions -- of dollars in damage.

The Sober worm, which caused a big headache for companies at the end of October, has returned.

W32.Sober.B@mm is virtually identical to its predecessor and has been rated as low to medium risk. However, the opportunity remains for major e-mail problems if system administrators are unprepared.

The worm, which was released from Germany and affects Windows operating systems, relies on classic user curiosity. While Sober.A pretended to come from an anti-virus company, headings for Sober B include "George W. Bush plans new war" and "Have you been hacked?".