Little Davinia worm wipes company data

Antivirus companies say destructive worm has been squashed, but for at least four European organisations it is too late

At least four European companies have reported catastrophic loss of data after a malevolent worm dubbed Little Davinia burrowed its way into their respective networks, according to antivirus firm Panda.

Panda says the worm activates after tricking a victim into downloading an executable file through a Web page and overwrites all locally stored data as well as files on network drives. However, the page used as a launch pad for the worm -- hosted in Spain -- has now been removed.

Eric Chien, chief researcher at Symantec's Antivirus Research Centre (SARC) says that the virus appears to have been halted in its tracks.

"We've had zero reports and as I understand from other antivirus vendors I've spoken to they've had no reports either," says Chien. "It is dependent on a Web page that is no longer there so it doesn't work as it is." Chien says it is not unusual for a virus outbreak to be restricted to a single company.

Little Davinia uses a sophisticated combination HTML, Visual Basic, Macro's and email to initiate an attack. Consequently it only affects users with Word 2000 installed.

The worm spreads by email and then attempts to download a malicious executable file. This then sends the file on to all entries in a users email address book and attempts to overwrite the content of the victim's hard drive.

Chief executive of Panda Software Mikel Urizarbarrena suggests that the author of the worm -- believed to be a Spaniard using the handle Onel 2 -- is a sophisticated and calculating virus writer.

Take me to the Virus Workshop

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the ZDNet News forum.

Let the editors know what you think in the Mailroom. And read what others have said.