Two computer viruses making rounds
ATLANTA, Georgia -- Anti-virus experts are warning of two computer bugs, one targeting the White House site with a Web attack, while the other is rated a "medium risk" to users because the number of infections is rising quickly. However, neither virus has particularly damaging capabilities.

A computer worm known as "Code Red" was unleashed on nearly 100,000 Web servers Thursday, posing a risk of deleted files and slow performance, computer security experts said. Some reports estimated that more than 225,000 computer systems around the world were infected. One of its intended targets, they said, was the White House Web site.

A computer worm is a program that propagates itself by attacking other machines and copying itself to them.

But computer experts said home Internet users would probably not be affected, and there is no cause for panic. Dozens of new worms and viruses are released each week.

They said this particular worm does have some destructive payload, meaning it can destroy or delete some files, but the major problem it is causing is a degradation of performance and some system instability. For example, it could cause slowdowns in business networks that have been affected. It can also result in altered or garbled Web pages.

An analysis of the worm program by network protection company eEye Digital Security said the infected computers were programmed to hit the White House Web site Thursday evening with a "denial of service" attack, and could potentially slow parts of the Internet to a crawl.

However, Keynote Systems, which monitors the 'whitehouse.gov' site, said the site was immunized against the worm and is operating just fine, with a 95 percent availability to those who try to access it.

One expert said computer security analysts have been aware of the worm for a couple of weeks, but it was moving fast. "We've seen this worm spread quickly to a significant number of machines," said Jeffrey Carpenter, a coordination manager for CERT.

CERT is a clearinghouse for computer intrusions, based at Carnegie Mellon University in Pittsburgh. Only Web servers with a particular configuration of Microsoft Windows, known as IIS, are vulnerable to this attack. A patch, or fix, is available via CERT at www.cert.org, or through a number of other virus protection companies.

Invasive worm sends out personal files

Meanwhile, a troublesome worm called "Sircam" is also making the rounds. Although it has been known about for some time, several anti-virus companies have raised a warning flag due to the speed at which it is now spreading.

Sircam is a mass mailing virus that uses Microsoft Outlook Express to distribute itself, according to Trend Micro. It attempts to evade detection by arriving with a random subject line and an attachment by the same name. But Sircam is particularly nasty since it can send out personal documents saved on the hard drive.

F-Secure's anti-virus warning described Sircam's message like this:
Subject: Document file name (without extension)
From: [user_of_infected_machine@prodigy.net.mx]
To: [random@email.from.address.book]
I send you this file in order to have your advice
See you later! Thanks
Once a computer is infected, Sircam creates a list of
files with extensions such as .DOC and .JPG that are
located in the user's "My Documents" folder. The virus
then sends copies of itself to users in the victim's
address book, including one of those files chosen at
random.
"Since quite often users keep their personal or
company-related documents there, it means that the
worm can send out confidential information," states
the F-Secure Web site.
Anti-virus firm Symantec had elevated its warning
level Thursday from a 3 to a 4 on a scale of 1 to 5,
while others designated it as a "medium" risk.
When Sircam is run, it copies itself to the Recycling
Bin, sets up a directory called
'c:\recycled\SirC32.exe' and appears as 'SCam32.exe'
in the Windows system directory. This way the worm's
activity is disguised.
Despite its intrusive nature, Sircam appears to do
little in terms of deleted files, the anti-virus
companies stated.
Instructions on how to remove Sircam from an infected
computer are posted on most anti-virus Web sites.
"The trick with all these attacks is, when does it
rise to the level of being noteworthy?" asked Ben
Venzke, a security expert at iDEFENSE in Fairfax,
Virginia.
Experts said the Code Red and Sircam worms are nowhere
near legendary predecessors like the "ILOVEYOU" worm
or "Melissa" virus.
Venzke says even the most meticulous system
administrators have a hard time keeping up with all
the patches and fixes necessary.
"We're going to have to come to a time when we do
something more than just constantly react to these
attacks," he told CNN.
CNN.com Sci-Tech Editor Daniel Sieberg contributed to this report.
© 2003 Cable News Network LP, LLLP.