Virus shields 'useless' against SirCam

NEWS A hole in Symantec's Norton Anti-Virus software has been exposed by the dangerous SirCam worm, which has been able to pass through companies' email gateways undetected. The problem, caused by a morphing of the malicious email's header text, is also thought to affect other anti-virus products, including Baltimore Technologies' MAILsweeper. A spokeswoman for Symantec said: "There is a problem with catching the virus at the email gateway. We are aware that other vendors are having problems too. "A problem of this kind is very rare. Once every six months or so a new virus comes along which re-writes the rules and causes real trouble. This seems to be doing this." She stressed that the worm should still be picked up by Symantec's server and desktop anti-virus software, and urged users to update. The difficulty is caused by the worm's ability to control the header (hidden text which describes an email to the computer) which contains it. The morphed email header fools the gateway scanner into thinking the email contains no attachment. Baltimore Technologies said: "Certain messaging characteristics generated during the creation of the worm by its own SMTP routines, may pass through [current] detection mechanisms." The company has issued an update to fix the hole in its MAILsweeper product, available at http://www.mimesweeper.com/support/threatlab/threatinfo/W32SirCamDetection.asp. Symantec's spokeswoman was unable to say at time of publishing whether the firm had issued a patch. However, not all vendors have fallen victim to this new trait. Network Associates - which sells McAfee - claims to be immune, as does Sophos. Graham Cluley, senior technology consultant at Sophos, said: "This new threat just underlines why it is so important not to just rely on gateway anti-virus, but keep your desktop software up-to-date as well."