- In recent years, some highly dangerous viruses have appeared in August
- Despite reduced business activity, virus incidents are just as prevalent and users should continue to take precautions
GLENDALE, CA, August 10, 2005
During August, when many people are on holiday and business work rates are notably reduced, virus creators are still as busy as ever, creating even more dangerous examples of malware.
In recent years, the month of August has seen a series of alerts caused by the propagation of malicious code, which have in some cases caused serious damage to IT systems. August 2001, for example, witnessed the appearance of Sircam, a worm hidden in an email message with the text “Hi, how are you?” This worm spread rapidly, as it automatically sent itself to all contacts in the address book of infected computers, copying itself to all Windows NT workstations in a network. In addition, Sircam steals private user data, eats up hard disk space and deletes information on the disk. Also in August 2001, the CodeRed worm appeared, spreading across computer networks and targeting in particular Index Server 2.0, Indexing Service and Internet Information Server (versions 4.0 and 5.0).
Users also suffered greatly at the hands of viruses in August 2003. This was the time in which Mimail (August 4), Blaster (August 12) and Sobig.F (August 20) appeared. Of these, the Blaster worm (with a series of variants in the same month) caused the most damage, affecting computers running Windows 2003/XP/2000/NT that had not patched a vulnerability known as “Buffer Overrun In RPC Interface.” This also led to the appearance of Nachi.A (August 18), “the law-enforcing worm,” which used the same propagation techniques as Blaster, and then removed the latter from infected computers and corrected the RPC DCOM vulnerability that had allowed both worms to spread, downloading the corresponding patch.
Last summer was also a black period, with Bagle.AH, Mydoom.N and Bagle.AM causing many security companies to raise the alert. Of these, Mydoom.N was the most significant because of the way it used the leading Internet search engines (Google, Altavista, Lycos, Yahoo) to search for email addresses to target. This same month also saw the appearance of the first viruses for 64-bit platforms.
In the current month, we have seen the first concept trials for a virus for a new command shell included in the Windows Vista beta code. According to Luis Corrons, director of PandaLabs, “In these months, when business activity decreases, many people drop their guard, and this circumstance is exploited by malware creators. For this reason, it is essential that businesses are just as alert as ever, if not more so, implementing security policies and keeping systems up-to-date.”
About PandaLabs
Since 1990, its mission has been to analyze new threats as rapidly as possible to keep our clients safe. Several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc.), work 24/7 to provide global coverage. To achieve this, they also have the support of TruPrevent™ Technologies, which act as a global early-warning system made up of strategically distributed sensors to neutralize new threats and send them to PandaLabs for in-depth analysis. According to Av.Test.org, PandaLabs is currently the fastest laboratory in the industry in providing complete updates to users (more info at http://www.pandasoftware.com/pandalabs.asp).