S'pore banks escape virus attacks

SINGAPORE--Financial institutions in Singapore have so far been immune to the recent epidemic of three viruses, namely the Code Red Worm, W32.SirCam.Worm@mm and W32.Leave.B.Worm.

Six locally-based banks said that they were "unaffected" by any of these viruses.

The banks were Keppel TatLee Bank, CitiBank, United Overseas Bank (UOB), Overseas Union Bank (OUB), Overseas Chinese Banking Corporation (OCBC) and Maybank.

However, the largest local bank, Development Bank of Singapore (DBS), and HSBC failed to disclose by press time if the viruses have affected their IT infrastructure.

Among the three viruses, Code Red has so far claimed the most victims. To date, almost 100,000 Web servers have been infected.

Code Red is an Internet worm that takes advantage of a security flaw in Microsoft software to deface sites. The worm could also help hackers identify infected computers and gain control of them, as earlier reported.

According to the report, the virus may have been launched from China. The self-spreading program infects servers using unpatched versions of Microsoft's Internet Information Server software and defaces the Web Sites hosted by the server.

The second virus, W32.Leave.B.Worm, disguises itself as a Microsoft security alert.

According to Symantec's Web site, the virus is sent via email with the subject "Microsoft Security Bulletin MS01-037", and message "The following is a Security Bulletin from the Microsoft Product Security Notification Service".

The bogus bulletin dramatically declares that "the Internet has seen one of the first of its downfalls" and goes on to mention the virus which has "the complexity to destroy data like none seen before."

Users are encouraged to protect their systems by downloading and installing an attached "security patch" from a linked Web site, which resembles that of Microsoft--the patch has since been removed from the hosted site.

The most recent of the computer scourges is called W32.SirCam.Worm@mm and, this virus "attempts to send itself and random documents to all users found in various email address books, including Outlook," Symantec said in a statement this afternoon.

W32.SirCam.Worm@mm "searches for Microsoft Office documents in the Personal/Desktop directories and attaches itself to one at random. It then mails itself and the file as one attachment to everyone in the address book," the statement added.

"The subject line of the email is the name of the file that the worm has attached itself to and distributed."