By Will Sturgeon, 19 January 2004 17:30
NEWS The latest virus outbreak to hit the headlines is the Bagle worm, which was first spotted overnight in Australia; however, its subsequent spread has been global and engineered to hit companies hardest when they are under-resourced.
The spread has been fairly rapid, with many antivirus companies hastily updating their warning status through the day from lower settings to high risk levels.
Jack Clark, product manager at McAfee, said: "We know of about six major enterprise customers who have been hit very hard by this virus and we believe the timing of its launch is no coincidence."
"This virus appears to have been timed to coincide with Martin Luther King Jr day in the US and the Chinese New Year," he added, warning that many companies in those two major online nations will be on holiday when it strikes.
However, despite the timing, Clark believes that suggestions that Bagle is set to become the next Sobig, with some warning of multiple variants with increasing levels of severity, are wide of the mark.
"I doubt they could have repeat success with this virus," Clark told silicon.com. "I've heard suggestions that this is 'the next Sobig' but it's very easy to just say that about any virus which comes along from now on."
"I don't see this as anything special," he added.
So far, MessageLabs has seen more than 80,000 copies of Bagle - and according to Paul Wood, the company's chief information security analyst, "this number is rising at an alarming rate."
However, Wood agrees with Clark's belief that the virus is nothing special, citing "unsophisticated social engineering techniques" and its clearly displayed executable attachment.
However, the added factor of striking at a time when staff have been off work, either returning from the weekend or from a public holiday may be enough to catch some users off-guard and cause the virus to spread over the next few days.
As always the advice is to be wary of any email where you cannot vouch for the sender, the message content and the attachment.
Comments
There are 5 comments. Join the discussion
1. Paul Worcester
The article could have included a description of what the virus does!
(Ed note. Paul have you read the original article - it's linked to from this one. The use of the word 'update' in the headline, should have made it clear this was updating the earlier story, which includes more detail on what the virus does.)
2. David Dryden
When are people in large companies going to learn?
Ok so its a pain to apply MS Service packs to every PC in your enterprise but there is an easier way than that to deal with these.
Take a look at the Microsoft unsafe files (the ones which the latest version of outlook blocks anyway like EXE and SCR etc) and block these attachments at the server end, sure you might get hassled by the virus's message content and end up with some puzzled staff asking you what the strange messages are BUT the payload file isnt there and you wont catch it yourself.
I have been doing this for a long time now and its highly effective.
3. Susanna K. Hutcheson
I checked my network after updating my virus program and had nothing. But I use a program that allows me to delete mail off my server before I get it on my PC. Fact is, I only accept about 1 out of every 100 emails that I get. I don't know why everyone doesn't do that and these viruses wouldn't present a problem. They can only harm you if you download them and in most cases actually click on a downloaded file, which is a stupid thing to do anyway.
4. Warren Swaine
Paul wondered what the virus does. Simple: it shows up incompetent IT departments and points a big fat screaming neon finger at "Stupid Users"!
5. anonymous
Can any of these latest virus' attach itself to mail that you have previously sent and received and send it to different email addresses?