New virus spotted: W32.Neroma@mm
Thread poster: Evert DELOOF-SYS

Evert DELOOF-SYS  Identity Verified
Belgium
Local time: 14:00
Member
English to Dutch
+ ...
Sep 8, 2003

New September 11 virus spotted; more on the way?

By Keith Regan, Information Security Magazine
08 Sep 2003, Information Security Magazine

The first of what researchers predict could be a spate of new viruses related to the second anniversary of the September 11 terrorist attacks has been spotted.



W32.Neroma@mm, as named by Symantec, spreads through Microsoft Outlook. The message subject line is "It's Near 911." Double clicking the attachment activates the virus, which then attempts to send itself to every listing in the user's Outlook address book.

Eric Kwon, CEO of AV firm Global Hauri, which discovered the virus on Sept. 2, recommends that enterprises block incoming e-mail messages with that subject line. As of Friday, Symantec reported fewer than 50 Neroma infections.

Kwon notes that just days after Sept. 11, the Nimda worm hit the world's computers, causing millions of dollars in damage. The recent onslaught of Blaster and Sobig.F infections demonstrate that networks are every bit as vulnerable now as they were two years ago.

Meanwhile, virus watchers in the U.K. have spotted a virus that criticizes the decisions of British prime minister Tony Blair and attempts to use infected computers to launch a distributed denial-of-service attack against his Web site.

Vendor Sophos says "Quarters" can spread through e-mail, where it is disguised as a message about "account information" and through Internet chat. Also called "Blurt" by Network Associates, the virus disables antivirus, personal firewalls, the registry editor and the task manager.

Graham Cluley, Sophos's senior technology consultant, says the worm overwrites files on the user's computer with the text "Infected by the WIN32.SORT-IT-OUT-BLAIR Virus!" and can display an anti-Blair message.

Up-to-date antivirus software will prevent infection. Sophos recommends filtering executable files at the e-mail gateway.


Direct link Reply with quote
 


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

New virus spotted: W32.Neroma@mm

Advanced search






Déjà Vu X3
Try it, Love it

Find out why Déjà Vu is today the most flexible, customizable and user-friendly tool on the market. See the brand new features in action: *Completely redesigned user interface *Live Preview *Inline spell checking *Inline

More info »
SDL Trados Studio 2017 Freelance
The leading translation software used by over 250,000 translators.

SDL Trados Studio 2017 helps translators increase translation productivity whilst ensuring quality. Combining translation memory, terminology management and machine translation in one simple and easy-to-use environment.

More info »



Forums
  • All of ProZ.com
  • Term search
  • Jobs
  • Forums