Panda issues warning against Evil

Spanish anti-virus company says Evil is the first Active X virus discovered in the wild. Major competitors say it's no big deal.

A squabble has broken out among anti-virus vendors as to the significance of a new malicious program written using the Active X plug-in for Internet Explorer.

Panda Anti-Virus, the Spanish company that discovered the program, has issued a warning to the public heralding this as the evolution of a new kind of deadly computer virus. Other anti-virus firms beg to differ.

This new program, named "Evil", although dubbed a "Trojan" by Panda, is in fact no more than a program launcher. When present on a computer, Evil will begin downloading other files from a remote server. These files could be data-destroying viruses or other sorts of malicious code, which does make this a serious issue, but other anti-virus authorities have cautioned that the hype may be getting out of hand.

Jack Clark, European product manager for Network Associates Anti-Virus, for example, says: "I want to stop this before it goes too far. People have been doing things with Active X for a while so it isn't really anything new. Microsoft has already released a patch for Internet Explorer and it isn't a problem for us to protect users against [this]."

Clark also says that Network Associates has yet to issue a fix itself. "To be honest, I really doubt it is in the wild at all," he says. "When we get a sample we will issue a fix, but we haven't seen one so we're doing nothing at the moment." A virus is in the wild when it has been known to actually infect computers.

This is a view shared by one of Network Associates' competitors, Symantec. Aled Miles, managing director for Symantec in the UK and Ireland, agrees that Panda is blowing things out of proportion. "This one has not appeared on our radar screen to warrant us issuing a warning. That would be premature."

Panda nevertheless vigorously defends its decision, claiming that perhaps other anti-virus firms are not taking the situation seriously enough. "We have found five separate incidents of Evil in the wild," says Robert Richmond, technical director of Panda UK. "Active X is just like Visual Basic in that it can be changed and modified, and this makes it a serious threat. Active X doesn't carry a safety warning unless you download a patch from Microsoft, and besides you can't say that it is good policy to disable Active X controls."

There have been numerous security problems with the Active X plug-in, and anti-virus experts have often warned that new types of viruses using this plug-in may be on the way. However, this is arguably the first malicious Active X program to have been discovered in the wild.

An update protecting against Evil is available for Panda's anti-virus software from the company's Web site.

Active X is a plug-in for Internet Explorer that allows programs and files to be accessed from an applet embedded in HTML text. Evil will affect anyone using Microsoft Internet Explorer 5 on Windows 95, 98 or NT who is unlucky enough to visit an infected Web site or receive an email carrying the bug.
