ZDNet UK



Worm targets security software

David Becker CNet

Published: 03 Jan 2002 10:24 GMT


A destructive new worm that destroys antivirus software on infected computers was slowly spreading on Wednesday.

The Maldal.D worm, also known as ZaCker, was written and distributed on 29 December, according to antivirus software maker Symantec, prompting fears the worm could sneak past security software that wasn't updated over the holiday break.

"We always worry when something comes out at the end of the week or over a holiday, when nobody's in their office," said Steve Trilling, director of research at Symantec's Security Response division, which rated Maldal.D as a moderate threat.

Maldal.D appeared to be spreading slowly and mainly outside the corporate networks that can turn an infection into an epidemic.

"We have seen a bit of an upsurge in submissions today, but most of them are from consumers," Trilling said. "That leads us to believe that a lot of corporations updated their software right away."

Email screening service MessageLabs reported intercepting about 150 copies of Maldal.D by 11 a.m. (Pacific Time) on Wednesday, placing the worm at the bottom of the company's list of the Top 10 most active viruses.

Maldal.D spreads itself as a file attached to an email with the subject "ZaCker." The body of the message consists of one of several dozen cryptic sentences, such as "nowadays, there is no womanhood!! :P"

If the file is opened, the activated worm attempts to delete files associated with popular antivirus applications, including programs from Symantec, McAfee and Zone Labs. The worm also deletes files with common extensions such as .exe, .doc and .jpg, which could destroy enough critical files to render an infected PC unstable or unusable.

The worm spreads itself by emailing copies of itself to all addresses in the infected PC's Microsoft Outlook address book.

Attacking security software is an old trick, Trilling said, noting that the recent Goner worm employed similar tactics. Such efforts are unlikely to work, however, if the security software is running as it's supposed to.

"If the software is running all the time in the background, it can't easily be deleted," Trilling said.

Business and home PC users were advised to download the latest antivirus updates to catch Maldal.D and to reinstall security software on PCs already infected.
