|
The company sent out a virus alert on Tuesday, which it only does when there is a serious problem, according to John Mulholland, Director of Information Security Consulting at Systemhouse.
The full name of the worm is W32/Apost.worm@MM, but is also called W32.urgent.worm@mm. Most people know it as Apost.
Priority Data Group, an Irish security specialist company, classified the threat as "medium" on Tuesday. "But if it turns out to be a major problem, we will send out a security alert," Group Sales Manager Aideen Kellett said. "Yes, we are getting more phone calls than normal today, but it is definitely not as bad as when the major viruses started spreading."
Anti-virus software developer Symantec has upgraded the threat level for Apost from 2 to 3, while Network Associates classifies the threat as "medium on watch". Symantec states that the distribution rate of the worm is high, while the risk of damage is low.
The e-mail has a subject line "as per your request" and a text: "Please find attached file for your review. I look forward to hearing from you again very soon. Thank you."
The e-mail has an attachment called "README.EXE" and if it is opened, the worm sends a copy of itself to every entry in the user's address book and then displays a small dialog box titled "Urgent!". The box has a button labelled "open" and if this is pressed the worm e-mails itself to the same recipients again, before displaying a fake "Winzip" error message.
The virus originates from the US, but has already crossed the ocean, according to Mulholland, and he said he fears there may be a snowball effect from the virus.
Mulholland said that although anti-virus software can trace most existing viruses, the problem is that virus writers keep writing new malicious code.
"That's why we advise people to keep updating their anti-virus software," he said. "And of course always be careful not to open any suspicious attachments. It's also a good idea to disable the visual basic script functionality, because that can stop the virus from executing its programme."
According to Mulholland the Sircam virus, which has been around since the middle of July, still poses a major threat. "Sircam has been hanging on and hanging on," he said. "It's a quite nasty virus. We advise people to also scan the e-mail recycle bin with their anti-virus software, because that's where the Sircam virus can often be found."
The US messaging services company EasyLink said on Wednesday that its MailWatch Service intercepted a total of 247,569 virus instances in August and that 178,832 of those occurrences were Sircam viruses. The research firm Computer Economics has estimated that Sircam has cost enterprises over USD1 billion in IT costs and lost productivity since its outbreak in mid-July.
To stop the Apost virus from spreading, Norton anti-virus users should download the update dated the 4th of September from http://www.sarc.com, which also detects a new variation of the Magistr virus.
Users of McAfee or Dr Solomons can download the latest update from http://www.mcafeeb2b.com/naicommon/download/dats/find.asp
Further information about the Apost virus can be obtained from the following:
Symantec: http://www.symantec.com/avcenter/venc/data/
NAI: http://vil.nai.com/vil/virusSummary.asp?virus_k=99198
|
