
Since Monday morning "Lovgate" has been the most commonly
searched for phrase on the Sophos website as people hunt for
information on the new computer worm which distributes itself using
a variety of different filenames, including hamster.exe. However,
Sophos technical support has not seen a correspondingly high number
of reports from businesses actually infected by the virus.

W32/Lovgate-B (also known as Lovgate-C by some anti-virus products) has been
widely written about by the media following high-level warnings
from some anti-virus companies. Sophos, however, believes that
reports of the worm are dwarfed by other viruses which have been
spreading for longer, such as W32/Klez-H and W32/Sobig-A.

"It appears the 'high' assessment given to this virus by some
anti-virus companies describes the concern that has generated about
it better than it describes its actual worldwide prevalence," said
Graham Cluley, senior technology consultant for Sophos Anti-Virus.
"Although Lovgate is being seen in the wild it is not being
encountered anything like as much as old faithfuls like Klez-H.
Companies who practise safe computing and block executable code at
the email gateway are unlikely to be at much risk".

Sophos believes that mass-mailing viruses can easily become
over-reported, especially in statistics derived from email gateway
detections alone. This is because an email which contains a copy of
a virus does not necessarily correspond with an infection by the
virus. After all, 10,000 copies of the virus in emails which aren't
actually deliverable at their final destination (and which would
ultimately be discarded anyway) might clock 10,000 hits at the
email gateway which is blocking that virus.

How to help avoid infection in the future

Update your corporate anti-virus software now so that you can
detect those viruses which are spreading in the wild. If you do not
have procedures for rapid updates, implement them now, because you
are sure to need them again. Sophos Enterprise Manager is one way
to help automate protection updates inside your company.

If possible, block all Windows programs at your email gateway.
Some email applications can be configured to do this. It is rarely
necessary to allow users to receive programs via email. There is so
little to lose, and so much to gain, simply by blocking all
mailed-in programs, regardless of whether they contain viruses or
not. Sophos MailMonitor for SMTP contains pro-active threat
reduction technology which can help you block dangerous filetypes
and executable code at the email gateway.