The second virus this year to bear romantic connotations, following the Love Bug last May, Romeo & Juliet
is particularly dangerous because current virus scanners cannot detect it.
LONDON - GFI, a developer of e-mail content checking and anti-virus
gateway software, has discovered a hazardous new e-mail virus that it named the Romeo & Juliet virus.
The virus is transported by an HTML e-mail containing malicious code, an executable file called My Romeo and
a compiled help file (.chm) called My Juliet.
The Romeo & Juliet virus takes advantage of an exploit described by Georgi Guninski. The HTML code automatically
runs an executable file. It then spreads across the Internet by connecting to a number of open relay sites.
"The Romeo & Juliet virus takes e-mail viruses to alarming new dimensions, as it cannot be detected
by anti-virus programs," said Nick Galea, CEO of GFI. "It seems to rely on HTML scripts to run an executable
file without user intervention. The only way to protect your network against the Romeo & Juliet virus is to
block it at server level using a content checking e-mail gateway like Mail essentials, which can be set to filter
all mails containing HTML scripts, as well as .chm and .exe attachments."
Newly discovered in the wild, Romeo & Juliet comes hot on the heels of the Hybris worm that made the news
earlier this week. Although described as being relatively harmless by anti-virus companies, the Hybris worm is
highly sophisticated in format and can update itself as it spreads, with the potential to download dangerous components
in the process. In such a case, the Hybrid worm, which is transmitted as an e-mail attachment, could cause untold
damage if activated.
"The e-mail viruses emerging today are becoming more complex and are proving ever harder for traditional
anti-virus programs to safeguard against. It is no longer enough to rely on anti-virus software alone for protection
against e-mail viruses and attacks. Organizations should invest in multi-layered e-mail security to have both anti-virus
and content checking filters at server level," Galea explained.
More information about Mail essentials for Exchange/SMTP and a free evaluation version can be found here.