When I saw this screensaver, I immediately thought about you.
I am in a harry, I promise you will love it! Attached to the message is what appears to be a screensaver file, Gone.scr, a compressed copy of the worm. When the file is opened, Pentagone will infect the victim's PC, attempt to stop a variety of antivirus and security applications and then, if successful, delete all the files in the folders containing those applications. AtGuard's Personal Firewall, ConSeal's PC Firewall, Kaspersky Lab's AVP, Network Associates' McAfee VirusScan, Symantec's Norton Antivirus and Zone Labs' ZoneAlarm are among the programs that the worm attempts to deactivate. The technique fails to eliminate the security in many instances. Zone Labs claims that, while the user interface component of ZoneAlarm may be deleted, the main program will continue to run. "It is really hard to shut us down," said Gregor Freund, president and chief executive for Zone Labs. "These guys are bloody amateurs. At best, they might delete the help system." Next, the worm opens up a dialog box containing its name, Pentagone, and the handles of its creators. The dialog box also includes acknowledgements to other people on the Net, in a style similar to that of online vandals who deface Web sites. The worm then installs a backdoor program linked to mIRC, a popular Internet Relay Chat program. The backdoor can be used to execute denial-of-service attacks against IRC servers. In addition, the virus attempts to spread using email and ICQ. Antivirus software maker Trend Micro has had about 22 corporate customers complain about the virus and has given it a high threat rating. Because Pentagone cons people into opening the infected file just like dozens of previous viruses, David Perry, global director of education for Trend Micro, has concluded that computer users may never be security-conscious enough to avoid getting infected. "Every time enough time goes by that people forget to be wary of these things, it pops up again," he said. "Apparently, we have to resign ourselves to the fact that education doesn't work." Such PC users are a weak link, through which company networks can be attacked, said Mitch Bartlett, a technical analyst for computing services at business-information provider SPSS. "It hit, and our exchange server actually blocked it because we have antivirus software," he said. "The people who got it were those who were getting their personal mail and their Web mail." Telecommuters and employees checking their personal email infected their work PCs with the worm, which then inundated the internal network with more mail. By the end of the day, Bartlett said, the company had Pentagone under control. "It is no longer troubling us; we have cleaned out everybody," he said. "But I am sure someone will get it tomorrow." Pentagone isn't the only virus spreading significantly. Variants of the Nimda virus and a variant of the BadTrans virus are topping virus charts this month. For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section. For everything Internet-related, from the latest legal and policy-related news, to domain name updates, see ZDNet UK's Internet News Section. Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum. Let the editors know what you think in the Mailroom. And read other letters.