The IT industry is waiting to find out whether Goner-A will prove
as damaging as the Love Bug, Nimda and other viruses that have
caused so much havoc recently.
Sal Viveros, director of marketing at antivirus software vendor
McAfee, told CW360.com that Goner-A is "the most widespread virus
we have seen since the Love Bug. Hundreds of thousands [of users]
have been hit."
The worm has forced some large companies to take down their e-mail
servers, he added.
Graham Cluley, senior technology consultant at antivirus vendor
Sophos, said Goner-A is serious. "It is still spreading, but it was
fairly quiet in the Far East overnight and we hope it will not be
as bad as the Love Bug," he said.
Kathryn Kerr, threat assessment manager at Australia's Computer
Emergency Response Team, agreed. "We have seen a certain level of
activity, but few reports of infections among our members," she
said.
The W32.Goner.A@mm or Goner worm is disguised as a screensaver that
comes attached to an e-mail message. When the recipient opens the
attachment, the worm activates and seeks out any locally installed
antivirus and personal firewall software. The worm then attempts to
erase all the files in the directory where the software is
installed. It can also spread through file attachments sent by
instant messaging systems.
Viveros spoke for many IT departments when he expressed frustration
that users are still clicking on potential viruses, despite years
of education. "Perhaps it is just human nature," he said. "If
people haven't been hit by a virus for a few months, their guard
goes down."
David Perry, director of education at security vendor Trend Micro,
said: "Some people have the idea that viruses are big and dramatic,
so they intentionally download viruses and click on them because
they want to see what it is capable of doing."
Cluley agreed: "Goner-A relies on the bug in people's brains, not
on bugs in e-mail programs. Maybe some people have learnt from
previous viruses, but an awful lot of users still haven't. Maybe we
are assuming too much."
He urged companies to go beyond issuing security policies to their
staff and to step up basic training in the safe operation of
e-mail. Cluley also called for more direct action from IT
departments.
"There is no reason for anyone in your organisation to get a
screensaver from outside the organisation or to get a VBS script.
They should be blocked at the gateway. That way you don't have to
wait for your antivirus vendor to issue an update," he said.
For companies where this is not possible, McAfee has launched a
managed security service. "Small and medium-sized businesses don't
have the resources to deal with the constant flow of viruses and
security patches," said Viveros. "We believe managed services offer
them enhanced security."