Quantcast
PCWorld.com is upgrading some back-end systems. Some site features, such as user registration, may be temporarily unavailable.
Subscribe to magazine

Worm Threat Appears to be Contained

Klez.e worm was set to spread on Wednesday, but damage seems to be minimal.

Brian Sullivan, Computerworld

  • 0 Yes
  • 0 No

Symantec says it considers the Klez.e worm a relatively low threat, though a spokesperson says the company has received many calls from clients who have encountered it.

The worm was set to cause havoc on Wednesday, according to several well-publicized alerts. But for the most part, damage doesn't seem to be widespread. Nonetheless, Symantec upgraded the risk factor from a level two to a three out of a possible five because so many clients had encountered it.

The worm can delete files, halt the work of security programs, and spread itself when an infected e-mail is opened. According to Symantec's alert, the worm exploits a vulnerability in Microsoft Outlook and Outlook Express as it tries to execute itself when a message is opened in which it is contained.

While there seems to heightened public awareness of these kind of attacks, Vincent Weafer, a senior director at Cupertino, California-based Symantec, says there aren't many more viruses or worms than in recent years. About seven new viruses or worms enter the world every day, which is only up from five per day a few years ago.

"It is increasing very slowly," Weafer says. "At any given time there are between 200 to 250 viruses in the wild. But [the numbers] have been growing very slowly over the last couple of years."

Lasting Longer

Weafer says the greater connectivity and the widespread use of Digital Subscriber Lines tend to lead to the perception that there are more attacks being launched than ever before. He says that because there are more people using the global connectivity of the Web, viruses tend to hang around longer, which also leads to the perception that there are more of them.

As for why so many worms seem to target Outlook, he says it's a simple case of "hammering a known vulnerability." As more people deploy patches, attackers will use other paths. He also thinks that more attackers will rely less on social engineering to spread viruses and try to make the viruses themselves look for ways to spread.

The Klez.e worm's use of its Simple Mail Transfer Protocol engine is an example of this, Weafer says.

Marty Lindner, team leader for incident handling at the CERT Coordination Center at Carnegie Mellon University in Pittsburgh, says he hasn't heard much about the Klez.e worm. CERT hasn't issued an alert or a bulletin, he says.

Computerworld
For more enterprise computing news, visit Computerworld. Story copyright © 2007 Computerworld Inc. All rights reserved.

  • Recommend this story?
  • 0 Yes
    0 No
  • Great year-end deals
    for small business!

  • Get 24/7 live remote AT&T Tech Support 360* service along with select Lenovo* PCs (with Intel® Core™ 2 Duo processors) and save up to 200!

    Learn more

  • HP EliteBook* 6930p Notebook with Intel® vPro™ technology and a free HP Basic Docking Station - $641 instant savings!

    Learn more

  • *Other names and brands may be claimed as the property of others. ©2009 Intel Corporation. Intel, the Intel logo, vPro and Core trademarks of Intel Corporation in the United States and other countries. All rights reserved.

Dell End of Year Deals

People who read this also read:

Sponsored Links