ZaCker worm attacks security software

After a quiet holiday away from PC viruses, users returning to work Wednesday were warned by antivirus vendor Symantec Corp. about the slowly spreading Maldal.D worm.

The worm, also known by its subject line, "ZaCker," has the ability to delete data, including system files and antivirus files that haven't been updated to detect it, according to Symantec. The worm spreads by mailing itself to users through Microsoft Corp.'s Outlook e-mail program, according to information on Symantec's Web site. Symantec discovered the worm on Dec. 29.

The content of messages that carry the worm ranges from "If you have an elegant taste" to "For everybody wants to marry a woman that he doesn't love!" Symantec said. Once executed, the worm then deletes various files with suffixes including .INI, .EXE and .JPG.

Symantec has rated the damage potential of the virus as medium, while competing antivirus vendor McAfee.com Corp. has rated it as low risk.

"We have not seen enough (instances of the virus) to upgrade it to medium risk," said April Goostree, virus research manager for McAfee.com.

Several worms that attack antivirus software have appeared in recent months, so McAfee.com suggests customers use a firewall in combination with antivirus software, Goostree said.

Another way to prevent the spread of the worm would be for customers to stop using Outlook, Goostree said. "It's using Outlook and (Outlook) Express to propagate," she said. "It doesn't have the ability to send itself."

Moreover, although using other e-mail applications, such as IBM Corp.'s Lotus Notes or Qualcomm Inc.'s Eudora, would not spread the worm to others, few see straying from Microsoft as an option.

"It's not that practical to people," Goostree said. "Everybody wants to use the same platform."

Insider: How the basic tech behind the Internet works
Join the discussion
Be the first to comment on this article. Our Commenting Policies