http://news.cnet.com/news/0-1003-200-8334809.html By David Becker Staff Writer, CNET News.com January 2, 2002, 11:55 a.m. PT A destructive new worm that destroys antivirus software on infected computers was slowly spreading Wednesday. The Maldal.D worm, also known as ZaCker, was written and distributed Dec. 29, according to antivirus software maker Symantec, prompting fears the worm could sneak past security software that wasn't updated over the holiday break. "We always worry when something comes out at the end of the week or over a holiday, when nobody's in their office," said Steve Trilling, director of research at Symantec's Security Response division, which rated Maldal.D as a moderate threat. Maldal.D appeared to be spreading slowly and mainly outside the corporate networks that can turn an infection into an epidemic. "We have seen a bit of an upsurge in submissions today, but most of them are from consumers," Trilling said. "That leads us to believe that a lot of corporations updated their software right away." E-mail screening service MessageLabs reported intercepting about 150 copies of Maldal.D by 11 a.m. Wednesday, placing the worm at the bottom of the company's list of the Top 10 most active viruses. Maldal.D spreads itself as a file attached to an e-mail with the subject "ZaCker." The body of the message consists of one of several dozen cryptic sentences, such as "nowadays, there is no womanhood!! :P" If the file is opened, the activated worm attempts to delete files associated with popular antivirus applications, including programs from Symantec, McAfee and Zone Labs. The worm also deletes files with common extensions such as .exe, .doc and .jpg, which could destroy enough critical files to render an infected PC unstable or unusable. The worm spreads itself by e-mailing copies of itself to all addresses in the infected PC's Microsoft Outlook address book. Attacking security software is an old trick, Trilling said, noting that the recent Goner worm employed similar tactics. Such efforts are unlikely to work, however, if the security software is running as it's supposed to. "If the software is running all the time in the background, it can't easily be deleted," Trilling said. Business and home PC users were advised to download the latest updates for antivirus software to catch Maldal.D and to reinstall security software to PCs already infected. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Jan 03 2002 - 09:48:21 PST