
Russian firm warns of Roron virus

Published: 07 Nov 2002 10:49 GMT


A Russian antivirus company on Wednesday warned that a new virus could help hackers gain control of home computers, but other security companies downplayed the threat.

Kaspersky Labs has named the virus, or worm, Roron, and it is known as Oror.B by several other companies. The new computer virus can spread through email messages, shared hard drives and the Kazaa file-sharing network, Kaspersky Labs spokesman Denis Zemkin said.

"We see that this worm is particularly dangerous for home users," Zemkin said. "Corporate customers are already aware of the danger of attachments", and are unlikely to open the file containing the program.

Kaspersky Labs sent out an advisory on Roron that rated the virus a "high danger" because of the various ways the program can spread. The company also cited the worm's goal of enabling online vandals to use a victim's PC as a platform from which to launch attacks. Each copy of the virus contains several hacker tools that let an infected computer be controlled by way of messages from Internet relay chat (IRC). With the IRC messages, online vandals could launch a denial-of-service attack, which unleashes a deluge of data at a computer or router, flooding the device's bandwidth and cutting it off from the Internet.

Security company Symantec, however, said it will most likely rate Roron as only a two on its threat scale of five, said Sharon Ruckman, senior director of Symantec's security response group.

"We haven't had any reports in the US of this virus yet," Ruckman said, adding that the company's clients in Europe had seen very few copies. "We'll watch it."

Kaspersky Labs' clients are mainly European, with a strong concentration in the nations that once made up the Soviet Union.

Email service provider MessageLabs said Roron didn't appear on its Top 10 list of malicious attachments, a list the UK-based company culls from the messages it filters on behalf of clients. The lowest scoring virus on that list, Yaya.c, only represented 77 attachments in the last 24 hours.

The Roron virus is the latest of five variants of an email worm that appeared in August and is known by most companies as Oror. Kaspersky Labs believes Roron was created in Bulgaria, because several words found in the worm's code are written in that language.

Once Roron infects a system, it spreads by creating email messages with different subject lines and different names for the attached file that carries the worm.

Once opened, Roron copies itself to several folders, including those used to share music files in the Kazaa network, as well as to any shared hard drives on a network. In that way, the virus resembles another worm that began spreading through the Kazaa network in May.

Finally, Roron installs a backdoor program onto the PC that lets remote attackers run attack tools.

Kaspersky Labs believes that if the virus becomes popular it will quickly burn itself out, said Zemkin.

"I don't think it will be long infection, like the Klez (virus)," Zemkin said.

