Worm targets security software

By David Becker
Staff Writer, CNET News

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
- Google
- Newsvine
- Yahoo! Bookmarks
- Twitter
- Stumbleupon
E-mail
Print

Related Stories: "Pentagone" virus tours Europe
December 5, 2001; Worm hits home for the holidays
November 27, 2001; Security experts see nastier worms
October 18, 2001

A destructive new worm that destroys antivirus software on infected computers was slowly spreading Wednesday.

The Maldal.D worm, also known as ZaCker, was written and distributed Dec. 29, according to antivirus software maker Symantec, prompting fears the worm could sneak past security software that wasn't updated over the holiday break.

"We always worry when something comes out at the end of the week or over a holiday, when nobody's in their office," said Steve Trilling, director of research at Symantec's Security Response division, which rated Maldal.D as a moderate threat.

Maldal.D appeared to be spreading slowly and mainly outside the corporate networks that can turn an infection into an epidemic.

"We have seen a bit of an upsurge in submissions today, but most of them are from consumers," Trilling said. "That leads us to believe that a lot of corporations updated their software right away."

E-mail screening service MessageLabs reported intercepting about 150 copies of Maldal.D by 11 a.m. Wednesday, placing the worm at the bottom of the company's list of the Top 10 most active viruses.

Maldal.D spreads itself as a file attached to an e-mail with the subject "ZaCker." The body of the message consists of one of several dozen cryptic sentences, such as "nowadays, there is no womanhood!! :P"

If the file is opened, the activated worm attempts to delete files associated with popular antivirus applications, including programs from Symantec, McAfee and Zone Labs. The worm also deletes files with common extensions such as .exe, .doc and .jpg, which could destroy enough critical files to render an infected PC unstable or unusable.

The worm spreads itself by e-mailing copies of itself to all addresses in the infected PC's Microsoft Outlook address book.

Attacking security software is an old trick, Trilling said, noting that the recent Goner worm employed similar tactics. Such efforts are unlikely to work, however, if the security software is running as it's supposed to.

"If the software is running all the time in the background, it can't easily be deleted," Trilling said.

Business and home PC users were advised to download the latest updates for antivirus software to catch Maldal.D and to reinstall security software to PCs already infected.

Latest tech news headlines

Tech's next step: More M&A?
Posted in Coop's Corner by Charles Cooper

October 10, 2008 12:33 PM PDT
Cut road trips in half with MeetWays
Posted in Webware by Josh Lowensohn

October 10, 2008 12:32 PM PDT
Uncov returns to heap scorn on tech companies
Posted in Webware by Rafe Needleman

October 10, 2008 12:14 PM PDT
See all headlines

Resource center from News.com sponsors

What Do You Get With Your Hosting Provider?

The Rackspace Essential Server

It's a server that automatically comes with unlimited support never outsourced, and a world-class network & data centers with solid guarantees all working for your business. We are here 24x7x365 Live

Unlimited, 24x7x365 Live Support

It means customer support with no call centers or automated phone systems

100% Network Uptime Guarantee

Can you afford for your website to offline? Can you trust your current provider?

The Manageable Green Hosting Solution

Choose a green configuration or customize one that works for your business.

The Fanatical Support Promise

Your complete satisfaction is our sole ambition. Anything less is unacceptable.

Certified Windows or Red Hat Expertise

Every customer has a dedicated team of experts managing your IT critical needs.

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

News - Business Tech
Week in review: Tech stocks tumble
Of course it wasn't just technology stocks that took a dive this week, but industry leaders are doing some serious worrying about what lies ahead.
Gallery
Photos: Cracking open Apple's revamped iPod Nano
Technically Incorrect
Why a new $800 Apple laptop had better be pretty
If Apple does launch an $800 laptop next week, the design will, as usual, be the crucial factor.
Coop's Corner
Tech's next step: More M&A?
The last time Silicon Valley got hit by this kind of a financial storm, it remade itself and emerged stronger. Will Darwin apply this time around as well?
Video
Sprint launches Xohm WiMax
News - Wireless
China Mobile plans R&D facility in Silicon Valley
Cell phone carrier says it recognizes that data services are the future, and it's looking to Silicon Valley for innovation, according to a news report.
Video
Talking with Newt Gingrich on tech, bailout
The Social
A financial wreck can't keep good Web developers down
Far from Wall Street, attendees of London's Future of Web Apps conference aren't panicking about the economy. Is it entrepreneur's pluck or old-fashioned naivete?
News - Cutting Edge
Academics sink teeth into Yahoo search service
Yahoo hopes its Build Your Own Search Service program has piqued the interest of academic researchers. Next stop: start-ups.
Gallery
Photos: Messenger returns to Mercury
Crave
Running rodent measures typing speed
USB Mice Wheel responds to your typing speed.
Green Tech
Urban wind power inspired by ancient Persia
The shape of urban wind power continues to morph. The latest twist come from Windation, a company with a design inspired by centuries-old "wind catchers."