Virus fighters catch NakedWife worm in the act
- 08 March, 2001 09:16
"Compared to the Anna Kournikova and I Love You viruses this worm did not get anywhere at all," said André Post, senior researcher at Symantec's Antivirus Research Center (SARC). "If I have to make an educated guess, I would say a few thousand computers were infected."
First reports on the worm came in at around 10:00am EST Tuesday. By the end of the workday on the US East Coast the spread of the virus had stopped, said Post.
"Quick acting on our side doesn't guarantee anything if users don't react. Wide spreading was also prevented by the increased virus awareness amongst customers," said Post, adding that wide media coverage also contributed.
SARC received "about 40" reports from customers with infected systems, most of which were in the US, a few in Canada and a few in Europe. McAfee, a division of Network Associates, reports lower numbers with 15 customers hit in North America and three in Europe. Asia, it seems, wasn't hit at all.
"Asian businesses had already closed for the day when the worm surfaced. When they opened on Wednesday the worm had been dealt with," said Post.
Both McAfee and SARC said NakedWife most likely was created in South America.
"We suspect the worm originated in Brazil. Virus writers typically add their nickname to the viruses they write and we keep a close eye on the writers," said Post, noting that most new viruses come out of South America. "Viruses are hot there."
Although NakedWife didn't make it far, McAfee still rates the worm "high risk."
"We gave it that rating because of the destructive payload," said Marius van Oers, virus research engineer at McAfee in Amsterdam. "I expect the rating to go down to medium in the course of Wednesday."
The Trojan worm is spread via e-mail using the address book of Microsoft's Outlook e-mail client. It arrives in an e-mail with the subject "FW: Naked Wife." Once the attachment -- NakedWife -- is executed, the worm starts sending itself to every e-mail address in the infected user's address book and deletes dozens of important Windows system files, forcing the user to re-install Windows, Van Oers said.
Most anti-virus software vendors have updated virus definition files available that can discover and eliminate NakedWife.