Vote is "clearly a message that's trying to prey on people," he said, adding that "it might have some success" given recent events and the possibility that users will confuse it with a benign PowerPoint presentation about New York that's making the rounds. Though McAfee products have been able to detect the worm via heuristics for a while, the company will also release an update to block it soon, he said. When antivirus programs are run in heuristics mode, they can block code that shares characteristics with malicious code, even if the antivirus program does not have a specific definition for the code it's blocking.
Whether the worm takes hold and infects many PCs will depend on home users, as corporate networks are likely well-protected against infection, he said.
Vote is not yet widespread, though it only began showing up Monday morning, CA's Hameroff said. Infections by the virus can be prevented if users do not open attachments or if companies filter .exe attachments so that they are not allowed into the corporate network.
"If any company is allowing executable files past their servers and into their environment, this is a key time to reevaluate that policy," Hameroff said.
CA does not yet have an update to its my-eTrust.com antivirus service to fight Vote, but expects to post one later today, he said.
Computer Associates, based in Islandia, New York, can be reached at +1-516-342-5224 or at http://www.ca.com/.