29 Nov 2002
Are CEOs bad for your company's data?
Sophos researchers have advised computer users hit by the
W32/Winevar-A
worm to double-check their computer's file associations after
cleaning up their infection.
One of the interesting payloads of W32/Winevar-A is that it
changes file associations so that all files ending .CEO are treated
as if they are executable. This means a future virus could transmit
itself amongst Winevar victims in the form of a .CEO file.
"Many users who are naturally suspicious of a .EXE or .VBS file
may think a .CEO is safe," said Graham Cluley, senior technology
consultant for Sophos Anti-Virus. "When you clean-up after a virus
infection it's important not just to remove the virus but to patch
any other vulnerabilities it may have inserted for possible future
exploitation."
The W32/Winevar-A worm has a number of payloads, including
attempting to disable anti-virus programs and - in some
circumstances - deletion of all files on the user's hard drive.
Users who have deployed Sophos
MailMonitor for SMTP's threat reduction technology can
pro-actively block any Windows executable code from entering their
organisation, regardless of the file's extension.
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.