MTX virus gaining speed in unusual ways

By Ashlee Vance, IDG News Service |  Network access control, Network access control

THE 3-MONTH-OLD MTX virus appears to be gaining speed, with several anti-virus vendors escalating the pesky bug to a medium-level threat in recent weeks. The increased worries stem from a particularly harmful feature in which the virus blocks users from anti-virus Web sites, stopping them from downloading virus protection updates and from issuing warnings.

Michael Callahan, director of product marketing at McAfee, a division of Santa Clara, Calif.-based Network Associates, said MTX first appeared in late August, originating in Germany. At the time of its discovery, McAfee's Anti-Virus Emergency Response Team (AVERT) labeled the virus a low threat, but McAfee upgraded it to the medium level after about 32 users reported an MTX attack.

"We made it a medium threat about two to three weeks ago as we see the number of samples increasing," Callahan said. "Mostly we see corporate users being hit."

The virus proves troublesome by changing its subject header and attachment file names and by blocking users from anti-virus vendors' Web sites. MTX spreads via a user's Microsoft Outlook applications with varying attachment names, such as Bill_Gates_piece.jpg.pif, I_am_Sorry.doc.pif, Internet_Security_Forum.doc.pif, and New_Playboy_Screen_Saver.scr. When a user clicks on one of these attached files, the virus begins spreading its evil ways.

Besides coming up with catchy attachment names, the author of MTX made sure that many of the best-known anti-virus vendors' Web sites became inaccessible to users once they launched the devious files. McAfee.com, Symantec, and Sophos all had parts of their sites blocked from users along with a number of other vendors. For Network Associates' McAfee division, however, users could still access the AVERT lab's Web site and McAfee's corporate virus protection site.

McAfee will continue to monitor the virus but does not see it as a major threat just yet.

"If people don't have up-to-date DAT protection as it starts to spread, it could spread a little bit faster," Callahan said. "But people are paying more attention to keeping DAT files up to date these days."

More information about the virus is available on AVERT's Web site at www.avertlabs.com.

Ashlee Vance is a San Francisco-based reporter at IDG News Service, an InfoWorld affiliate.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Network access controlWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question