The creators of the Bofra worm, a variant of MyDoom, which was released last week, have devised a way to bypass anti-virus gateway security, according to security company Clearswift.
The virus uses the iFrame security hole in Internet Explorer. Microsoft has issued a patch to fix this hole and Windows XP Service Pack 2 blocks the vulnerability that Bofra exploits.
But Phil Cracknell, chief technology officer at security firm netSecurity, said IT departments would find it hard to speed up deployment of SP2 because of potential conflicts with applications.
Bofra installs small web servers on infected PCs. These send out e-mail messages that contain no attachments or malicious script code, but have a simple web link to the infected machine. This means e-mails pass through anti-virus gateways unhindered.
If a user clicks on the link, the browser opens up the HTML page being run on the infected PC, which contains a virus program. This causes a buffer overflow, which allows the virus to install and run a web server on the infected machine.
Pete Simpson, ThreatLab manager at Clearswift, said this mode of operation made it very difficult for ISPs to stop a Bofra-type virus.