Worm blazes trail for future havoc

Although relatively unscathed by the latest indiscriminate worm attacks, Australia is still in the firing line for future havoc, according to security industry sources.

The Trojan Horse virus, or "worm", caught the world's attention recently after emigrating from Israel disguised as an e-mail attachment from someone you know.

It swiftly spread to the US and Europe, which reported the worst front-line casualties. Some multinationals such as Microsoft had to take the drastic step of turning off their mail servers.

Locally, Computer Associates' security team was inundated with enquiries, while the company itself was also hit by the worm. Ironically, CA recently bought antivirus specialist Vet.

"Some of our people were infected by it as early as Monday last week," said David Sanday, CA's marketing manager.

"By Tuesday morning it was quite widespread amongst the organisation. Those who opened the zip files lost all their files but we had it contained by Tuesday afternoon and everyone kept functioning - we didn't have to shut the server down," Sanday added.

Computer Associates did not receive news of any clients being infected, according to Sanday. "People were mostly just asking about how to prevent it and wanting more information. There were very few reports of the actual virus."

Security experts from CA's Vet division assured Australian companies the virus had not infiltrated many local organisations.

"The virus was quite damaging in the US but it hasn't had much effect in Australia. Obviously companies that have strong business ties to American companies are more at risk, and those are the ones we are seeing infected," Sanday explained.

However, complacency is the worst enemy, according to Sanday, who believes in a proactive approach to security. "You have to source the right product and have procedures in place to counteract what are basically malicious vandals," he said.

Other companies to fall victim to the worm include the US operation of antivirus specialist Trend Micro, which illustrates the increased severity and prevalence of such attacks.

"Coming off the back of the Melissa virus, people were aware of the issues and were consequently more protected. But there will always be people who can come up with a way to do things," Sanday warned.

"There are a lot more people out there now with sophisticated computer knowledge and the desire to cause damage."

The Trojan Horse worm revealed

What the virus is

A Trojan Horse e-mail virus or 'worm'

It appears as an e-mail attachment with a file name 'zipped_files.exe'
The subject line reads 'I received your e-mail and I shall send you a reply ASAP. Till then take a look at the attached zipped docs'
When the attached file is executed, a dialog box appears that reports the following error: 'Can not open file: It does not appear to be a valid archive. If this file is part of a ZIP format backup set, insert the last disk of the backup set and try again. Please press F1 for help'
It monitors the inbox of an infected system for incoming mail, as opposed to sending itself to people via an address book
Is similar to a virus but is technically a worm program because it delivers a payload and then moves to another machine instead of infecting an entire machine

What it affects

The following files are targets: .doc, .xls, .ppt, .c, .ccp, .asm
Microsoft Exchange and Lotus Notes environments
Any Microsoft API compliant e-mail program

What it does

It can propagate itself via e-mail
It can delete a victim's document files
It can gain control of the victim's computer system once the attachment is open
Alters the win.ini file
Can delete Microsoft Word, Excel and PowerPoint
Can search through drives C to Z and randomly select a set of files and kill the contents of an arbitrary extension of those files
Can affect shared drives and thus documents on a network

What you can do

Sybari suggests companies should clean messages at the e-mail server. http://www.sybari.com
Content Developer recommends that companies invest in network protection and mail sweepers. http://www.mimesweeper.com
Symantec warns that it is very dangerous to run executables, even if they look safe and are from someone you know.
Associates stresses that companies must be prepared and constantly update antivirus software and security as the lead-up time to this worm is very short. http://www.nai.com
Computer Associates' Vet experts caution companies to constantly monitor and report to staff potential threats so they