Goner-A: How far will it spread?

The IT industry is waiting to find out whether Goner-A will prove as damaging as the Love Bug, Nimda and other viruses that have...

The IT industry is waiting to find out whether Goner-A will prove as damaging as the Love Bug, Nimda and other viruses that have caused so much havoc recently.

Sal Viveros, director of marketing at antivirus software vendor McAfee, told CW360.com that Goner-A is "the most widespread virus we have seen since the Love Bug. Hundreds of thousands [of users] have been hit."

The worm has forced some large companies to take down their e-mail servers, he added.

Graham Cluley, senior technology consultant at antivirus vendor Sophos, said Goner-A is serious. "It is still spreading, but it was fairly quiet in the Far East overnight and we hope it will not be as bad as the Love Bug," he said.

Kathryn Kerr, threat assessment manager at Australia's Computer Emergency Response Team, agreed. "We have seen a certain level of activity, but few reports of infections among our members," she said.

The [email protected] or Goner worm is disguised as a screensaver that comes attached to an e-mail message. When the recipient opens the attachment, the worm activates and seeks out any locally installed antivirus and personal firewall software. The worm then attempts to erase all the files in the directory where the software is installed. It can also spread through file attachments sent by instant messaging systems.

Viveros spoke for many IT departments when he expressed frustration that users are still clicking on potential viruses, despite years of education. "Perhaps it is just human nature," he said. "If people haven't been hit by a virus for a few months, their guard goes down."

David Perry, director of education at security vendor Trend Micro, said: "Some people have the idea that viruses are big and dramatic, so they intentionally download viruses and click on them because they want to see what it is capable of doing."

Cluley agreed: "Goner-A relies on the bug in people's brains, not on bugs in e-mail programs. Maybe some people have learnt from previous viruses, but an awful lot of users still haven't. Maybe we are assuming too much."

He urged companies to go beyond issuing security policies to their staff and to step up basic training in the safe operation of e-mail. Cluley also called for more direct action from IT departments.

"There is no reason for anyone in your organisation to get a screensaver from outside the organisation or to get a VBS script. They should be blocked at the gateway. That way you don't have to wait for your antivirus vendor to issue an update," he said.

For companies where this is not possible, McAfee has launched a managed security service. "Small and medium-sized businesses don't have the resources to deal with the constant flow of viruses and security patches," said Viveros. "We believe managed services offer them enhanced security."

Read more on Antivirus, firewall and IDS products