Anti-virus companies 'ambulance chasing' over Love variants
22 May, 2000 12:14
Although "NewLove" hasn't wreaked the havoc its predecessors did, the new Visual Basic Script worm is still potent, as it attempts to catch its victims off-guard by changing the subject field of the e-mail it travels in.
Also, it draws the name of the attached worm file at random by picking up a file name from a user's list of recently used files. If launched, the worm immediately e-mails itself through a Microsoft Outlook address book and deletes all accessible files on the local hard drive and any attached network. Yet the damage control initiated by the previous week's events appears to have had an effect worldwide on awareness of how to deal with the worm. "It looks like most people woke up early to this and warned just about everybody they knew," said IDC analyst Chris Christiansen on the weekend.
Microsoft are due to make available a "patch" for the .VBS worm, a measure which should restrict the NewLove worm from spreading. A researcher with the Gartner Group, Chris Le Tocq, said that the spate of worm attacks proved how dependent the world is on a homogeneous platform, making it vulnerable to these "malicious code bombardments". "I think that we're a technology society that's attempting to find its balance between programmability and security," said Le Tocq. It has been advised that Windows users disable their operating system's scripting host, as a measure against the worm or any variants until the .VBS patch is released, a measure Le Tocq agrees with. "Right now, when Joe teenager can kill your systems at a whim, I'd say on a business functionality balance, do it."
But the anti-virus industry itself has come under criticism, with suggestions raised that it is using hype, fear and sensationalism to market itself alongside warning the public. Quoted in WIRED, Dan Schrader, chief security analyst at Trend Micro, said "Anti-virus companies have always been seen as ambulance chasers, and sometimes, it's true. Because this is an industry that has been built on hype and alerts and pretensions of being good citizens, the industry doesn't have a lot of credibility."
An Australian member of the group Halcon last week distributed a virus script to select media to demonstrate the ease with which the virus can be constructed using Microsoft's Visual Basic Script. "Valiant", the script's author, expressed some suspicion via an interview granted to WIRED that his script may have been used to create the latest variant of the worm, though attempts to contact Valiant to confirm his comments were unsuccessful today.
F-Secure have a page with updates and some screenshots for users wanting to know what the virus looks like when contained in an email message. Sophos, Symantec and McAfee all have up-to-date virus information pages. For alternative opinions on events, visit the Computer Virus Myths page.