Shockwave virus appears to do little damage
The newly discovered "Shockwave" virus appears to be doing less damage than
originally feared because corporate users and other intended victims may finally be
getting better at dealing with such threats, security analysts said.
The virus, which disguises itself as a Shockwave file attached to an e-mail message
from someone familiar to the recipient, was first reported last Thursday by several
vendors of antivirus software. For example, Trend Micro Inc., a Japanese antivirus
vendor with U.S. headquarters in Cupertino, Calif., gave the Shockwave virus a
medium-risk rating in an advisory
posted on its Web site.
The virus "is not destructive," but it's spreading quickly because of its ability to
send itself to all users in an Outlook address book, Trend Micro said. Advisories about
the Shockwave virus -- known variously as Shockwave.A, ProLin.A and W32/Prolin@mm --
also were posted by vendors including Computer Associates International Inc.
(http://www.ca.com/virusinfo/encyclopedia/descriptions/prolina.htm), Network Associates Inc.'s McAfee unit
(http://vil.nai.com/vil/dispVirus.asp?virus_k=98909)
The file containing the virus is named creative.exe, and the e-mail to which it's
attached includes this short message: "Check out this new flash movie that I downloaded
just now . . . It's great. Bye."
When a user double-clicks on the attachment, the virus copies itself onto the
victim's system and sends new copies of itself via e-mail to all the names contained in
that person's Outlook address book. The virus doesn't delete any files but will move
and rename some graphics and .ZIP files, analysts said.
Though security firms were quick to put the virus in the high-risk category because
of its ability to mass-mail copies of itself, some analysts and antivirus vendors said
the actual damage caused by the virus appears to have been less than expected so far.
"We believe the worst is already over," said Paul Robertson, a senior developer at
TruSecure Corp. in Reston, Va.
Though there were several reports of corporations being infected by the virus late
Friday afternoon and early yesterday morning, the situation has eased considerably
since then, he said.
"It speaks to the fact that administrators are getting used to dealing with these
kinds of threats," Robertson said. For example, he added, users can avoid being
infected by following basic security procedures such as applying all the recommended
patches for the software products they use, regularly updating antivirus software and
blocking certain kinds of attachments from entering corporate networks.
Companies that applied an Outlook patch released earlier this year by Microsoft
Corp. would have been protected against the mass-mailing capabilities of this
latest virus, said Ryan Russell, MIS manager at SecurityFocus.com, a San Mateo,
Calif.-based company that operates an informational Web site on security
issues. "People are getting smarter about dealing
with these kinds of [problems]," Russell said.
But what may also have helped mitigate the damage so far is that the Shockwave virus
appears to be relatively unsophisticated, Russell added. "There is nothing very clever
about this virus at all," he said. "It totally relies upon the user [to propagate
itself]." As long as users don't open suspicious attachments or ones that come from
unknown sources, the ability of the virus to cause damage will remain limited, he said.