Shockwave virus appears to do little damage
THE NEWLY DISCOVERED "Shockwave" virus appears to be doing less damage than originally feared because corporate users and other intended victims may finally be getting better at dealing with such threats, security analysts said.
The virus, which disguises itself as a Shockwave file attached to an e-mail message from someone familiar to the recipient, was first reported last Thursday by several vendors of antivirus software. For example, Trend Micro, a Japanese antivirus vendor with U.S. headquarters in Cupertino, Calif., gave the Shockwave virus a medium-risk rating in an advisory posted on its Web site.
The virus "is not destructive," but it's spreading quickly because of its ability to send itself to all users in an Outlook address book, Trend Micro said. Advisories about the Shockwave virus-known variously as Shockwave.A, ProLin.A, and W32/Prolin@mm also were posted by vendors including Computer Associates International, Network Associates's McAfee unit, and F-Secure.
The file containing the virus is named creative.exe, and the e-mail to which it's attached includes this short message: "Check out this new flash movie that I downloaded just now ... It's great. Bye."
When a user doubleclicks on the attachment, the virus copies itself onto the victim's system and sends new copies of itself via e-mail to all the names contained in that person's Outlook address book. The virus doesn't delete any files, but will move and rename some graphics and .zip files, analysts said.
Though security companies were quick to put the virus in the high-risk category because of its ability to mass-mail copies of itself, some analysts and antivirus vendors said the actual damage caused by the virus appears to have been less than expected so far.
"We believe the worst is already over," said Paul Robertson, a senior developer at TruSecure in Reston, Va. Though there were several reports of corporations being infected by the virus late Friday afternoon and early Monday morning, the situation has eased considerably since then, he said.
"It speaks to the fact that administrators are getting used to dealing with these kinds of threats," Robertson said. For example, he added, users can avoid being infected by following basic security procedures such as applying all the recommended patches for the software products they use, regularly updating antivirus software, and blocking certain kinds of attachments from entering corporate networks.
Companies that applied an Outlook patch released earlier this year by Microsoft would have been protected against the mass-mailing capabilities of this latest virus, said Ryan Russell, MIS manager at SecurityFocus.com, a San Mateo, Calif.-based company that operates an informational Web site on security issues. "People are getting smarter about dealing with these kinds of [problems]," Russell said.
But what may also have helped mitigate the damage so far is that the Shockwave virus appears to be relatively unsophisticated, Russell added. "There is nothing very clever about this virus at all," he said. "It totally relies upon the user [to propagate itself]." As long as users don't open suspicious attachments or ones that come from unknown sources, the ability of the virus to cause damage will remain limited, he said.