|
The following e-mail will be sent on your behalf.
has sent the following story to you from ElectricNews.net.
The story is available from https://electricnews.net/news.html?code=3008722
Systemhouse warns on Apost e-mail virus
Wednesday, September 05 2001
by Stan Van Haasteren
A new e-mail virus called Apost has emerged and is "serious and spreading,"
according to Irish company Systemhouse Technology.
The company sent out a virus alert on Tuesday, which it only does when there is a
serious problem, according to John Mulholland, Director of Information Security
Consulting at Systemhouse.
The full name of the worm is W32/Apost.worm@MM, but is also called
W32.urgent.worm@mm. Most people know it as Apost.
Priority Data Group, an Irish security specialist company, classified the threat
as "medium" on Tuesday. "But if it turns out to be a major problem, we will
send out a security alert," Group Sales Manager Aideen Kellett said. "Yes, we
are getting more phone calls than normal today, but it is definitely not as bad
as when the major viruses started spreading."
Anti-virus software developer Symantec has upgraded the threat level for Apost
from 2 to 3, while Network Associates classifies the threat as "medium on
watch". Symantec states that the distribution rate of the worm is high, while
the risk of damage is low.
The e-mail has a subject line "as per your request" and a text: "Please find
attached file for your review. I look forward to hearing from you again very
soon. Thank you."
The e-mail has an attachment called "README.EXE" and if it is opened, the worm
sends a copy of itself to every entry in the user's address book and then
displays a small dialog box titled "Urgent!". The box has a button labelled
"open" and if this is pressed the worm e-mails itself to the same recipients
again, before displaying a fake "Winzip" error message.
The virus originates from the US, but has already crossed the ocean, according to
Mulholland, and he said he fears there may be a snowball effect from the virus.
Mulholland said that although anti-virus software can trace most existing
viruses, the problem is that virus writers keep writing new malicious code.
"That's why we advise people to keep updating their anti-virus software," he
said. "And of course always be careful not to open any suspicious attachments.
It's also a good idea to disable the visual basic script functionality, because
that can stop the virus from executing its programme."
According to Mulholland the Sircam virus, which has been around since the middle
of July, still poses a major threat. "Sircam has been hanging on and hanging
on," he said. "It's a quite nasty virus. We advise people to also scan the
e-mail recycle bin with their anti-virus software, because that's where the
Sircam virus can often be found."
The US messaging services company EasyLink said on Wednesday that its MailWatch
Service intercepted a total of 247,569 virus instances in August and that 178,832
of those occurrences were Sircam viruses. The research firm Computer Economics
has estimated that Sircam has cost enterprises over USD1 billion in IT costs and
lost productivity since its outbreak in mid-July.
To stop the Apost virus from spreading, Norton anti-virus users should download
the update dated the 4th of September from href="http://www.sarc.com">http://www.sarc.com, which also detects a new
variation of the Magistr virus.
Users of McAfee or Dr Solomons can download the latest update from href="http://www.mcafeeb2b.com/naicommon/download/dats/find.asp">http://www.mcafeeb2b.com/naicommon/download/dats/find.asp
Further information about the Apost virus can be obtained from the following:
Symantec: http://www.symantec.com/avcenter/venc/data/
NAI: href="http://vil.nai.com/vil/virusSummary.asp?virus_k=99198">http://vil.nai.com/vil/virusSummary.asp?virus_k=99198
|
