OT: Win32/Mywife.E@mm

Jim Holland mailscanner at mango.zw
Sat Feb 4 13:27:13 GMT 2006


Someone wrote:

> > > Naturally as long as everything is up to date things should be ok.
> > > People don't really know that a virus is going to happen before it does
> > > do they?
 
> > Only if the bug has a timer/date trigger in it.  They get installed,
> > then lie in wait, and BAM do nasty things later.  Once detected early,
> > we effectively reverse engineer the virus code, know that the virus will
> > trigger in the future, thus know it's going to happen before. Once users
> > update their scanning softs they can be assured the bug will be
> > eradicated before they trigger.
 
> > The media is a funny animal, they latch onto these bugs seemingly at
> > random, spreading doom and gloom, when we techs know that new bugs are
> > a daily occurrence, and are quickly and quietly squished by the anti-virus
> > community.

Of course the media loves to hype these things, but I think that this was
a valid case for some extra attention.  Not only was the worm particularly
destructive (just one single infected machine on a network could have
destroyed all files in a shared folder on a file server that the machine
had access to), but early copies did manage to get through the virus
scanners and MailScanner itself.  I have not come across that situation 
since the Bagle worm with its password-protected zip files.

Because we log the attachments that are sent to users we were able to
determine that 6 of our 2500 members had received copies of the virus in
uuencoded form.  One of those 6 then opened the attachment with WinZip and
got infected as a result.  Fortunately we were able to clean up their
infection before Friday, so no damage was done.

I think the media hype was a useful wake-up call to ordinary users to get
them to update their antivirus software and to keep backups on separate
media.

Regards

Jim Holland
System Administrator
MANGO - Zimbabwe's non-profit e-mail service
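
The message above mentions copies arriving in uuencoded form and attachment logs being used to find the recipients. The sketch below is an added example, not part of the original post and not MailScanner's code: it finds inline uuencoded blocks in a message body, records the claimed filename for logging, and checks the decoded bytes for an executable header. The function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import binascii
import re

# "begin <octal mode> <filename>" opens an inline uuencoded block.
BEGIN_RE = re.compile(r"^begin ([0-7]{3,4}) (.+)$")
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")  # assumed policy list

def find_uuencoded(body):
    """Return one record per uuencoded block found in a message body."""
    found, current = [], None
    for line in body.splitlines():
        if current is None:
            m = BEGIN_RE.match(line)
            if m:
                current = {"filename": m.group(2).strip(), "data": b"", "complete": False}
        elif line.strip() == "end":
            current["complete"] = True
            found.append(current)
            current = None
        elif line.strip():  # skip blank lines, decode everything else
            try:
                current["data"] += binascii.a2b_uu(line.encode("ascii", "replace"))
            except binascii.Error:
                found.append(current)  # corrupt block: report what decoded so far
                current = None
    if current is not None:  # message ended before the "end" line
        found.append(current)
    for rec in found:
        data = rec.pop("data")
        rec["size"] = len(data)
        # DOS/PE executables start with "MZ" whatever the claimed filename says.
        rec["executable"] = data[:2] == b"MZ"
        rec["risky_name"] = rec["filename"].lower().endswith(RISKY_EXT)
    return found

def build_sample():
    """Constructed sample: a harmless 12-byte stub starting with 'MZ'."""
    line = binascii.b2a_uu(b"MZ" + b"\x00" * 10).decode("ascii")
    return "See attached.\n\nbegin 644 photo.jpg\n" + line + "`\nend\n"

if __name__ == "__main__":
    for rec in find_uuencoded(build_sample()):
        print(rec)
```

In the constructed sample the claimed name is `photo.jpg`, so a filename-only rule passes it while the content check flags it.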


