Braid virus winds its way through email
Published: 05 Nov 2002 09:16 GMT
A new mass-mailing computer virus known as W32.Braid has slowly spread among PCs over the weekend, said UK email service provider MessageLabs.
Although the company has seen only 43 copies of the virus -- indicating an extremely slow start -- W32.Braid shares some attributes of the widely spread Klez family of viruses and could have similar success. Among the similarities, both viruses forge a fake sender address in the emails they use to propagate themselves, which makes finding infected PCs more difficult.
The Klez.h variant of the Klez virus has sent out millions of email messages with a copy of itself attached. Since it was first placed on the Internet in April, the virus has topped the charts of malicious email attachments found by antivirus firms and email service providers, which filter junk email for companies and also zap messages that have viruses attached.
W32.Braid, also known as PE.Brid, can spread to PCs running any version of Microsoft Windows. People who use Microsoft Internet Explorer 5.01 and 5.5 may find that their computers automatically become infected, because Braid uses an old flaw in Internet Explorer to automatically execute the attachment that carries it when the email message is viewed. Patching the program with Service Pack 2 will solve the problem, Network Associates said in its advisory on the virus.
Like Klez, Braid contains its own email engine, so once it infects a computer, it doesn't need to use an email client, such as Outlook, to spread. The virus will also attempt to infect any program, as well as screen saver files. So far, though, antivirus researchers believe that Braid simply spreads itself, and doesn't actually destroy data.
While many of the tactics Braid uses to spread resemble those used by the Klez family, the program itself seems closer to a more famous virus, LoveLetter. Antivirus software from Network Associates and rivals Symantec and Trend Micro all detect Braid as a variant of FunLove, a close relative of LoveLetter.
Because the virus is already detected by all major antivirus software, the application makers have labelled Braid a fairly minor danger.
Network Associates has rated Braid a low-priority threat, while Trend has rated the virus a medium risk, and Symantec has given the worm a two out of five, with five being the most severe.
Have your say instantly, and see what others have said. Go to the Security forum.
Let the editors know what you think in the Mailroom.
Did you find this article useful?
34 out of 68 people found this useful
- Share this article:
