Flying low, almost under most people's anti-virus radar, a new group of very sophisticated Internet worms are on the loose.
Each has the ability to upgrade itself via the Internet at any time, and come ominously on the heels of a fresh FBI warning about a new round of denial of service attacks. Although their initial payloads are relatively harmless, potential upgrades may include more destructive payloads or tools that target specific IP addresses to allow a malicious user to enlist the infected machines in a distributed denial of service attack.
Unlike the ILOVEYOU worm which spread around the world in a matter of hours and captured the media's immediate attention, these new worms are spreading slowly with little public attention. They have each had their threat-severity designations upgraded in recent weeks.
Home users who are connected to the Internet via DSL or cable modem connections are especially vulnerable. Unless port monitoring security software, such as ZoneAlarm, is installed, "always on" Internet users may not even notice the outbound traffic from their machines as these worms attempt to contact the Internet. On the other hand, modem-only Internet users, who are not always connected to the Internet, may receive an error message that such-and-such program could not connect to the Internet at start-up.
Either way, it is important for all computer users to keep their anti-virus signature files up-to-date. Users should also automatically scan for viruses on a weekly, if not a daily, basis.
The list of recent Internet worms that bear watching include the following:
While previous worms and Trojan horses have had the ability to connect to the Internet, these new worms have all appeared within a few weeks of each other. They coincide with a recent FBI warning of possible denial of service attacks on popular Web sites sometime during this year's holiday season.
Take me to the Virus Workshop