Update: Shockwave warning puts UK firms on virus alert

Companies on standby as reports of pro-Linux Shockwave worm start to trickle in

Antivirus vendors in the UK are advising companies to be on alert this morning after receiving reports of a new nuisance worm dubbed Shockwave spreading from the US and Australia. It also emerges that the author is a fan of Linux.

The worm, known by the names TROJ_Shockwave.a and W32.Prolin.Worm is not considered particularly damaging by antivirus firms, although it is a nuisance for users and could clog up corporate email systems if it spreads quickly.

The worm arrives in the form of an executable attached to an email with the subject line "A great Shockwave flash movie" and with the body text "Check out this new flash movie that I downloaded just now... It's Great, Bye".

Once executed, the worm tries to cause maximum nuisance for users by changing the names of JPEG and ZIP files and moving them to the directory C:\. It also creates a text file in which the author warns users that all their data could have been destroyed and recommends they switch from using Microsoft's Windows to the free Unix-based operating system Linux. It is signed "The Penguin", the mascot of the Linux movement.

According to antivirus vendors, the worm then sends an email to the address z14xym432@yahoo.com with the subject line "Job complete" and a message saying "Got yet another idiot".

UK-based antivirus firm Sophos issued a warning at 4am this morning after receiving a report of the virus from an Australian company. It claims that so far only a limited number of reports have come in from UK companies but warns that the virus could flare up throughout the day.

Antivirus vendor Network Associates says it has received three reports internationally, although a representative says that the worms is probably not the most prolific ever seen. "There's always the chance it could explode and if it does we're ready, but it's not a Love Bug or Melissa, yet," says Jack Clark, European product manager.

The worm could flare up elsewhere, however. US antivirus firm Trend Micro also issued a security alert this morning stating that some of its customers in the US have received the worm.

Graham Cluely, senior technology consultant with Sophos, says that the advice for computer users is simple. "If you receive an unsolicited file don't run it, that's absolute madness," he says. "These viruses are all preying on the gullibility of users."

"Many people will want to see the movie so they will click on the attachment, which is just what the virus writer is counting on," adds David Perry, public education director for Trend Micro.

The majority of vendors have updated their antivirus software and made the new drivers available for download.

Is your PC safe? Find out at the Hackers News Special

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the ZDNet News forum.

Let the editors know what you think in the Mailroom. And read other letters.