29 Nov 2002
Are CEOs bad for your company's data?
Sophos researchers have advised computer users hit by the
worm to double-check their computer's file associations after
cleaning up their infection.
One of the interesting payloads of W32/Winevar-A is that it
changes file associations so that all files ending .CEO are treated
as if they are executable. This means a future virus could transmit
itself amongst Winevar victims in the form of a .CEO file.
"Many users who are naturally suspicious of a .EXE or .VBS file
may think a .CEO is safe," said Graham Cluley, senior technology
consultant for Sophos Anti-Virus. "When you clean-up after a virus
infection it's important not just to remove the virus but to patch
any other vulnerabilities it may have inserted for possible future
The W32/Winevar-A worm has a number of payloads, including
attempting to disable anti-virus programs and - in some
circumstances - deletion of all files on the user's hard drive.
Users who have deployed Sophos
MailMonitor for SMTP's threat reduction technology can
pro-actively block any Windows executable code from entering their
organisation, regardless of the file's extension.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.