-----------------------------------

hbgator

Tue 31 Jan, 2006


Researchers Warn of File-Destroying Worm

-----------------------------------

If you have computer files you'd rather not lose,<b style="color:#FFA34F"></b> now is a good time to make sure your anti-virus software is up to date.<b style="color:#FFA34F"></b> A worm set to activate Friday will corrupt documents using the most common file types,<b style="color:#FFA34F"></b> including <b style="color:#FFA34F"></b>"<b style="color:#FFA34F"></b>.doc,<b style="color:#FFA34F"></b>"<b style="color:#FFA34F"></b> <b style="color:#FFA34F"></b>"<b style="color:#FFA34F"></b>.pdf,<b style="color:#FFA34F"></b>"<b style="color:#FFA34F"></b> and <b style="color:#FFA34F"></b>"<b style="color:#FFA34F"></b>.zip.<b style="color:#FFA34F"></b>"<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
Hundreds of thousands of machines are believed to be infected,<b style="color:#FFA34F"></b> mostly in India,<b style="color:#FFA34F"></b> Peru,<b style="color:#FFA34F"></b> Turkey and Italy,<b style="color:#FFA34F"></b> said Mikko Hypponen,<b style="color:#FFA34F"></b> chief research officer for Finnish security company F-Secure Corp.<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
The worm,<b style="color:#FFA34F"></b> known as <b style="color:#FFA34F"></b>"CME-24,<b style="color:#FFA34F"></b>"<b style="color:#FFA34F"></b> <b style="color:#FFA34F"></b>"BlackWorm,<b style="color:#FFA34F"></b>"<b style="color:#FFA34F"></b> <b style="color:#FFA34F"></b>"Mywife.E"<b style="color:#FFA34F"></b> or a number of other monikers,<b style="color:#FFA34F"></b> even tries to disable anti-virus software that is out of date,<b style="color:#FFA34F"></b> he said.<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
Thus,<b style="color:#FFA34F"></b> users should make sure their software is turned on and has the latest definitions,<b style="color:#FFA34F"></b> generally available for free from the software vendor's Web site.<b style="color:#FFA34F"></b> F-Secure also has created a free removal tool.<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>"If you are infected,<b style="color:#FFA34F"></b> and you find out about it today,<b style="color:#FFA34F"></b> you still have time to get rid of the virus,<b style="color:#FFA34F"></b>"<b style="color:#FFA34F"></b> Hypponen said.<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
As worms go,<b style="color:#FFA34F"></b> the spread of BlackWorm is relatively low.<b style="color:#FFA34F"></b> But worms these days are generally designed to help spammers and hackers carry out attacks,<b style="color:#FFA34F"></b> not to destroy files as this one does.<b style="color:#FFA34F"></b> So the impact this time may be more severe.<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
Microsoft Corp.<b style="color:#FFA34F"></b> issued an advisory Tuesday warning customers about the worm,<b style="color:#FFA34F"></b> which affects most versions of its Windows operating system.<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
Users should be safe if they have the latest anti-virus software or if their computers are set with limited privileges,<b style="color:#FFA34F"></b> a common setting in larger organizations.<b style="color:#FFA34F"></b> They are vulnerable if they,<b style="color:#FFA34F"></b> like many small business and home users,<b style="color:#FFA34F"></b> leave their computers set with full administrative rights.<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
And users should check the date on the computer.<b style="color:#FFA34F"></b> The worm hits the third of every month,<b style="color:#FFA34F"></b> so if the computer's local calendar settings are off,<b style="color:#FFA34F"></b> Hypponen said,<b style="color:#FFA34F"></b> files may be destroyed sooner or later,<b style="color:#FFA34F"></b> even if the computer is never turned on Friday


-----------------------------------

jkf

Tue 31 Jan, 2006



-----------------------------------

Thanks for the heads up,<b style="color:#FFA34F"></b> hbgator.<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
I'll be running continuous scans from now until it
<b style="color:#FFA34F"></b>
seems safe to go back into weekly full scans.<b style="color:#FFA34F"></b> Its
<b style="color:#FFA34F"></b>
the people that are unprotected that usually end
<b style="color:#FFA34F"></b>
up redistributing the payload back out to the public.<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
So I'm hoping that everyone will do their part and
<b style="color:#FFA34F"></b>
stay on their toes.<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
<b style="color:#FFA34F"></b>
jkf