ZaCker worm attacks security software

By Douglas F. Gray, IDG News Service |  Security

After a quiet holiday away from PC viruses, users returning to work Wednesday were warned by antivirus vendor Symantec Corp. about the slowly spreading Maldal.D worm.

The worm, also known by its subject line, "ZaCker," has the ability to delete data, including system files and antivirus files that haven't been updated to detect it, according to Symantec. The worm spreads by mailing itself to users through Microsoft Corp.'s Outlook e-mail program, according to information on Symantec's Web site. Symantec discovered the worm on Dec. 29.

The content of messages that carry the worm ranges from "If you have an elegant taste" to "For everybody wants to marry a woman that he doesn't love!" Symantec said. Once executed, the worm then deletes various files with suffixes including .INI, .EXE and .JPG.

Symantec has rated the damage potential of the virus as medium, while competing antivirus vendor McAfee.com Corp. has rated it as low risk.

"We have not seen enough (instances of the virus) to upgrade it to medium risk," said April Goostree, virus research manager for McAfee.com.

Several worms that attack antivirus software have appeared in recent months, so McAfee.com suggests customers use a firewall in combination with antivirus software, Goostree said.

Another way to prevent the spread of the worm would be for customers to stop using Outlook, Goostree said. "It's using Outlook and (Outlook) Express to propagate," she said. "It doesn't have the ability to send itself."

Moreover, although using other e-mail applications, such as IBM Corp.'s Lotus Notes or Qualcomm Inc.'s Eudora, would not spread the worm to others, few see straying from Microsoft as an option.

"It's not that practical to people," Goostree said. "Everybody wants to use the same platform."

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question