Wednesday, February 01, 2006

Virus--article from CBS

Beware The Worm This Friday

Jan. 31, 2006


Got a PC question? Visit

(CBS) Larry Magid analyzes technical issues for CBS News and

An Internet worm that's been circulating for a couple of weeks is set to destroy files on infected personal computers this Friday, Feb 3. Security company Symantec has dubbed it "W32.Blackmal.E@mm," but other security companies have given it different names including "Nyxem," "blackworm," "Grew.A," "My Wife" and "Kama Sutra." Whatever it's called, it has already infected 300,000 systems, according to the Sans Institute but, by PC worm standards, it's still considered a relatively low threat.

The worm is spread by e-mail. It tries to harvest e-mail addresses from infected machines so it may appear to come from someone you know. Unlike many past worms, it is not limited to Microsoft Outlook or Outlook Express — all Windows users are vulnerable but it affects only Windows — not Macintosh, Linux or other operating systems.

It watches your PC's clock and is set to delete files from infected machines on Feb. 3.

CBS News technology consultant Larry Magid talks with security experts Vincent Weafer of Symantec and David Perry of TrendMicro about the latest worm to infect PCs.

Unlike many of the threats we've heard about lately, there doesn't appear to be any financial motivation. TrendMicro spokesperson David Perry calls it "an old fashioned destructive virus. It doesn't have any profit motive." Symantec's Vincent Weafer says it reminds him of the "earlier days of cyber vandalism versus crime."

It's not spyware, it doesn't send out spam, but it can delete document files such as those created by Word, Excel and other applications as well as MP3 music files. The worm will also try to disable your anti-virus software and, once your machine is infected, it harvests e-mail address from your PC and tries to infect people you know.

The worm is attached to an e-mail that can have a variety of subject lines or messages. Subject lines could include "Hot Movie," "Arab sex," "give me a kiss" or "Fwd: Crazy illegal Sex!" but others are also possible.

The good news is that major anti-virus software can detect and remove the worm but only if the software is up-to-date. If you haven't already done so, use your software's update feature to make sure you have the latest anti-virus "signatures."

Because infections, so far, have been measured in the hundreds of thousands rather than millions, Weafer calls it a "low to medium risk."

He says people with out-dated anti-virus definitions (or no anti-virus software) are at a higher risk. In addition to spreading through e-mail, Weafer says that it can also propagate via a local area network. Symantec has a Web page with a technical description of the worm.

In addition to running anti-virus software, it's also a very good idea to have a backup of your data files. Be sure, however, that your files are backed up to a drive that's not connected to your PC, such as a removable hard drive (that's unplugged), a CD or a DVD.

As always be very careful before clicking on attached files, even if they are from someone you know. If someone does send you a file, contact them to make sure it was deliberate.

If you don't have up-to-date anti-virus software, you can use one of the free virus scanning services such as TrendMicro's Housecall.

Anti-virus companies are being uncharacteristically careful not to exaggerate the risk. "I hesitate to go out on a limb on a virus like this," said TrendMicro's David Perry. "I don't know if there will be damage on Friday."

If Friday does come and go without substantial damage, we'll never know for sure whether it's because the worm had no bite or because we were all prepared. Either way, that would be good news.


  1. Whenever I receive an attachment from someone I always email them and ask if they have sent me something OR look for something in the message that indicates that it is from that person ... but mostly I ask before opening. And since I don't open "sex" pictures (unless they're of Hugh Jackman *g*) then I'm pretty safe on that score. I hate this worm stuff - my CD burner won't work for saving stuff on - it doesn't like me, or it's possessed too (see tomorrow's blog for answer on that one) and I don't have a zip drive so I can't back stuff up. So I'm up *&%# creek. And yes, I have symantec - so maybe that will catch something.

  2. I guess I know what I'm doing today!! I suppose I should be backing up more often then I do though.

    I'd think people have more important things to do than create viruses.

  3. I agree!! It is a pain and I really hope nobody I know gets this damn thing. But sometimes it is good to be reminded to save and back up. Do you have gmail accounts? They have a large capacity for storage and you can just mail yourself documents. I have one if you're interested.

  4. Oh the writing stuff I can put on floppies - it's the genealogy that, as I haven't re-entered it from when the hard drive crashed - would be a pain. It was too large for anything. Over 1,000s of names and dates to re-enter.

  5. Wow-that's a lot of stuff. Do you know anybody with a burner? A data streamer? A printer LOL!!!

  6. It's printed out sweetie - in little charts and various records either filed or in a box yet to be filed. See why I've avoided it for over a year?

    Bebo and I have thought about loading it and copying it to her CD burner - her CD burner likes her. I can burn CD's though. It keeps telling me that I don't have access to save to it. Hmmm.

  7. Great. Just what we need, another worm. Grah.