Experts play down Nolor worm threat

A new 'garden variety' worm is spreading on the Internet, but infection levels are remaining low - partly because users are getting smarter about attachments

Antivirus companies have played down the threat from the Nolor (aka Cailont) mass-mailing email worm -- a "garden variety" virus that spreads by sending itself to Windows address book entries through an executable attachment.

The worm had received the highest distribution rating from Symantec, despite low levels of infections. The high rating was given to the virus because it has the capacity to spread rapidly, John Donovan, managing director of Symantec in Australia and New Zealand, told ZDNet Australia.

"We're not seeing a great infection rate... the ratings are set (according to) the ability of the virus or worm has to send itself out," he said.

One of the reasons the mass-mailer isn't spreading rapidly is because users have finally learned not to open executable attachments, Donovan says.

"It's a combination of technology and policy... most people know they shouldn't execute it. In that way we've almost won the policy war," he added.

The head of technology, Asia Pacific, for Sophos antivirus, Paul Ducklin, says the new virus is nothing to get alarmed about; it's just another mass mailer.

"We have had one copy of the virus reported to us... keep in mind there are several hundred new viruses a month," he said.

The virus tries to tempt users into opening attachments through a number of different subjects. Some of the seem a little odd, such as "run File Attach to extract:BinladenSexy.jpg..." and "The Sexy story and 4 sexy picture of BINLADEN !".

"Sometimes viruses spread for reasons that you couldn't possibly think of... the run of the mill viruses do have a harder time," Ducklin said.

As for infections among government and corporate interests, he said it's unlikely in this case because most larger organisations automatically block executable attachments, but it "depends on whether their following best practice or not".

"It's much less likely to get in (but) many people do allow all types of attachments," he said.


For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.

Let the editors know what you think in the Mailroom.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All