LONDON - GFI, a developer of e-mail content checking and anti-virus gateway software, has discovered a hazardous new e-mail virus that it named the Romeo & Juliet virus.
The virus is transported by an HTML e-mail containing malicious code, an executable file called My Romeo and a compiled help file (.chm) called My Juliet.
The Romeo & Juliet virus takes advantage of an exploit described by Georgi Guninski. The HTML code automatically runs an executable file. It then spreads across the Internet by connecting to a number of open relay sites.
"The Romeo & Juliet virus takes e-mail viruses to alarming new dimensions, as it cannot be detected by anti-virus programs," said Nick Galea, CEO of GFI. "It seems to rely on HTML scripts to run an executable file without user intervention. The only way to protect your network against the Romeo & Juliet virus is to block it at server level using a content checking e-mail gateway like Mail essentials, which can be set to filter all mails containing HTML scripts, as well as .chm and .exe attachments."
Newly discovered in the wild, Romeo & Juliet comes hot on the heels of the Hybris worm that made the news earlier this week. Although described as being relatively harmless by anti-virus companies, the Hybris worm is highly sophisticated in format and can update itself as it spreads, with the potential to download dangerous components in the process. In such a case, the Hybrid worm, which is transmitted as an e-mail attachment, could cause untold damage if activated.
"The e-mail viruses emerging today are becoming more complex and are proving ever harder for traditional anti-virus programs to safeguard against. It is no longer enough to rely on anti-virus software alone for protection against e-mail viruses and attacks. Organizations should invest in multi-layered e-mail security to have both anti-virus and content checking filters at server level," Galea explained.
More information about Mail essentials for Exchange/SMTP and a free evaluation version can be found here.