(This is the Online column written for The Southland Times)
With so many worms, Trojans, viruses and other nasties lurking online these days it’s more important than ever to make sure your anti-virus software is up to date and to keep yourself educated on what these little suckers are capable of, and what they are likely to look like if (or more likely when) one drops into your inbox.
Symantec’s Security Response site is a good starting point, with more virus information that you can shake a mouse at.
The current top threats are listed with a grading ranging from 1 to 5. The top 4 most unwanted are:
W32.Bugbear.B@mm
This is a variant of the earlier Bugbear worm. This mass mailing beastie sends itself on to harvested from the inbox, as well as in the files with the following extensions: .mmf, .nch, .mbx, .eml, .tbb, .dbx, .ocs. It also logs keystrokes, may allow unauthorised access to your computer and tries to stop various antivirus and firewall programs. It can reply to or forward an existing e-mail or even create a new one with any one of almost 50 subject lines.
Bugbear.B is a category 4 in the top nasties list.
W32.Klez.H@mm
A modified variant of the old Klez.E, this spreads by e-mail and via networks and is also capable of infecting files. It infects executables by creating a hidden copy of the original host file and then overwriting the original file with itself. The hidden copy is encrypted but contains no viral data. The name of the hidden file is the same as the original but with a random extension.
It searches the Windows address book, ICQ database and anywhere else you might have addresses stored looking for its next batch of victims. It then sends e-mails to any addresses found, with itself as an attachment. It may also send on confidential information from your computer., and is another category 4 threat.
W32.Sobig.C@mm and W32.Sobig.B@mm
Both these mass-mailing worms swipe address from your computer and send themselves on to more unsuspecting victims. The offending e-mail message makes itself appear to be from Microsoft.
Sobig.B deactivated on May 31 and Sobig.C on June 8 but no doubt there’s a Sobig.D waiting in the wings. These were both rated 3 on the nasties scale.
W32.HLLW.Fizzer@mm
Yet another mass-mailer, Fizzer tries to send itself to all addresses in your address book, has a backdoor capability that uses mIRC to communicate with a remote attacker, has a keyboard logger, tries to spread through the KaZaa file-sharing network and does its best to disable your antivirus software. Fizzer is another category 3 threat.
However, fake virus warnings from well-meaning friends can also be damaging. The sulfnbk.exe and JDBGMGR.exe are both common subjects of virus warnings I receive in my inbox, and both are completely innocent, but legitimate, Windows operating system files. The JDBGMGR.exe debacle started a year later and I’m still receiving regular warnings about this one. It’s not a virus, don’t delete it.