Advertisement
 
To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Australia.
--------------------------------------------------------------
Nolor worm threat minor: anti-virus experts

By Patrick Gray, 0
April 29, 2003
URL: http://www.zdnet.com.au/news/security/soa/Nolor-worm-threat-minor-anti-virus-experts/0,130061744,120274044,00.htm


Anti-virus companies have played down the threat from the Nolor (aka Cailont) mass-mailing e-mail worm--a "garden variety" virus that spreads by sending itself to Windows address book entries through an executable attachment.

The worm had received the highest distribution rating from Symantec, despite low levels of infections. The high rating was given to the virus because it has the capacity to spread rapidly, John Donovan, managing director of Symantec in Australia and New Zealand, told ZDNet Australia.

"We're not seeing a great infection rate... the ratings are set [according to] the ability of the virus or worm has to send itself out," he said.

One of the reasons the mass-mailer isn't spreading rapidly is because users have finally learned not to open executable attachments, Donovan says.

"It's a combination of technology and policy... most people know they shouldn't execute it. In that way we've almost won the policy war," he added.

The head of technology, Asia Pacific, for Sophos anti-virus, Paul Ducklin, says the new virus is nothing to get alarmed about; it's just another mass mailer.

"We have had one copy of the virus reported to us... keep in mind there are several hundred new viruses a month," he said.

The virus tries to tempt users into opening attachments through a number of different subjects. Some of the seem a little odd, such as "run File Attach to extract:BinladenSexy.jpg..." and "The Sexy story and 4 sexy picture of BINLADEN !".

"Sometimes viruses spread for reasons that you couldn't possibly think of... the run of the mill viruses do have a harder time," Ducklin said.

As for infections among government and corporate interests, he said it's unlikely in this case because most larger organisations automatically block executable attachments, but it "depends on whether their following best practice or not".

"It's much less likely to get in [but] many people do allow all types of attachments," he said.

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.