Shockwave virus appears to do little damage

By Jaikumar Vijayan, Computerworld |  Security

The newly discovered "Shockwave" virus appears to be doing less damage than
originally feared because corporate users and other intended victims may finally be
getting better at dealing with such threats, security analysts said.

The virus, which disguises itself as a Shockwave file attached to an e-mail message
from someone familiar to the recipient, was first reported last Thursday by several
vendors of antivirus software. For example, Trend Micro Inc., a Japanese antivirus
vendor with U.S. headquarters in Cupertino, Calif., gave the Shockwave virus a
medium-risk rating in an target=NEW>advisory
posted on its Web site.

The virus "is not destructive," but it's spreading quickly because of its ability to
send itself to all users in an Outlook address book, Trend Micro said. Advisories about
the Shockwave virus -- known variously as Shockwave.A, ProLin.A and W32/Prolin@mm --
also were posted by vendors including href="http://www.ca.com/virusinfo/encyclopedia/descriptions/prolina.htm"
target=NEW>Computer Associates International Inc., Network Associates Inc.'s href="http://vil.nai.com/vil/dispVirus.asp?virus_k=98909" target=NEW>McAfee unit
and F-Secure
Corp.

The file containing the virus is named creative.exe, and the e-mail to which it's
attached includes this short message: "Check out this new flash movie that I downloaded
just now . . . It's great. Bye."

When a user doubleclicks on the attachment, the virus copies itself onto the
victim's system and sends new copies of itself via e-mail to all the names contained in
that person's Outlook address book. The virus doesn't delete any files but will move
and rename some graphics and .ZIP files, analysts said.

Though security firms were quick to put the virus in the high-risk category because
of its ability to mass-mail copies of itself, some analysts and antivirus vendors said
the actual damage caused by the virus appears to have been less than expected so far.

"We believe the worst is already over," said Paul Robertson, a senior developer at
TruSecure Corp. in Reston, Va.
Though there were several reports of corporations being infected by the virus late
Friday afternoon and early yesterday morning, the situation has eased considerably
since then, he said.

"It speaks to the fact that administrators are getting used to dealing with these
kinds of threats," Robertson said. For example, he added, users can avoid being
infected by following basic security procedures such as applying all the recommended
patches for the software products they use, regularly updating antivirus software and
blocking certain kinds of attachments from entering corporate networks.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question