New virus tools raise concerns

GodMessage, which is available for download on hacking sites, allows hackers to place ActiveX code on Web pages. You get infected just by browsing.

Security consultants have warned of two new varieties of virus, and said IT managers should ensure their antivirus measures are kept up to date.

Recently, Jonathon Mynott, a technical consultant at security specialist Cryptic Software, said hacker interest was growing in a virus tool called GodMessage. It will be easy to fall victim once the method becomes popular, Mynott warned. "You only have to browse a Web page to be infected," he said.

Mynott added that GodMessage, which is available for download on hacking sites, allows malicious hackers to place ActiveX code on Web pages. When Internet Explorer users visit an infected site, their browser downloads a compressed program. This then resides on users' hard disks, ready to be uncompressed on startup. Innocent sites could be surreptitiously hacked and have the virus implanted in their pages.

"If one person does that to the MSN homepage, half the world's computers could be (damaged) overnight," said Mynott.

Bob Ayers, director of security consultancy Para-Protect, agreed there is a risk. "It is a definite threat and one that should not be passed over as unlikely," he said.

Other experts said although the GodMessage virus is a threat, systems protected by updated antivirus software should not be infected. Denis Zenkin, head of corporate communications at antivirus firm Kaspersky Lab, said GodMessage 4 is an ordinary Internet worm generator, which attempts to drop and then execute a program on the user's PC. But Zenkin added, "We have received no reports of malicious code from GodMessage 4 in the wild."

Graham Cluley, a senior technology consultant at Sophos Anti-Virus, said: "GodMessage relies on a vulnerability in some people's browsers, but if you have an up-to-date antivirus, it's irrelevant."

He added that while the GodMessage virus is not a significant threat, a new virus that is able to spread via instant messaging software could prove more of a problem. Sophos recently discovered a worm named Choke, which sends itself to users' buddy lists on MSN Messenger as a program called Shoot-presidentbush.exe.

Cluley said firms must consider whether instant messaging software should be forbidden. "These viruses can waltz past antivirus gateway software." He added it also means users could send and receive unauthorised material without fear of detection.