A new variant of the Lovgate worm has been discovered infecting PCs globally, according to security bulletins by major security firms including Symantec and McAfee.
First discovered in February 2003, the Lovgate worm spreads by e-mailing itself to addresses found on infected PCs. Once inside a machine, the worm opens a "back door" to allow an attacker inside. In addition, Lovgate scans PCs for executables and replaces them with further copies of itself.
Considered a medium risk by both Symantec and McAfee, the new Lovgate variants--Lovgate.AE and Lovgate.AH--target Microsoft's Windows applications and will disable antivirus software and security applications on an infected system.
"What this worm does... is it responds automatically to e-mail sent and attaches itself in the reply," explains Jeffrey Posluns, chief innovation officer at Toronto-based IT security provider WhiteHat. "It is a much more likely mechanism to have the recipient of the e-mail open the attachment. The inherent paranoia usually related to attachments is diminished because it is a reply to an e-mail sent."
Making a Comeback
Despite being dormant for nearly a year, Posluns says it isn't surprising to see viruses like Lovgate rear their ugly heads again. In fact, he says there are several ways and incentives for virus writers to re-infect systems with the same viruses. In the case of Lovgate, the source code is already written.
"That is the hard part," he says. "Virus writers can make modifications but the code is already done so they save on time."
He also notes that while no firm or user should be without antivirus software, it's not the be all and end all of a secure system. Posluns likens the newest strain of Lovgate to the Hepatitis disease and vaccine: a "shot" for Hepatitis A won't protect against Hepatitis B or C.
"Most virus writers will modify the virus just enough so that antivirus definitions will not be able to pick them up," he says.
As a rule of thumb, Posluns says e-mail administrators should configure systems to delete executables as soon as they pass through the e-mail server. WhiteHat, for example, has developed Insight Antispam and Antivirus, an offering that does just that.
Insight works in tandem with antivirus definitions like Symantec's Norton and McAfee to decrease the amount of real threats that make it through to the employee desktop. During trials in the month of June, Posluns says that out of 101 million e-mails received, the Insight product was able to determine and delete 70 million messages as spam and 21 million as harboring viruses. He says that while no viruses made it through to end users, 32 were picked up by antivirus definition software.
Written by: Carly Suppa, ITWorldCanada.com
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment