The W32/Neroma-A worm has
caught the media's attention due to its reference to the
anniversary of the 11 September terrorist attacks. However, Sophos
believes it poses a low threat to customers who practise safe

The Neroma worm arrives in the form of an email with the subject
line "It's near 911!" and the message body "Nice butt baby!". If
recipients click on the attached file, they are infected by the
virus, which may attempt to delete files on the 1st, 4th, 8th, 12th,
16th, 20th, 24th and 28th day of each month.

"Mentioning 9/11 seems like a desperate plea for attention by
the virus writer, in the wake of a number of hard hitting real
threats like Sobig-F, Blaster, Nachi and Mimail," said Graham
Cluley, senior technology consultant for Sophos Anti-Virus.
"Fortunately his virus is scuppered by safe computing practices
such as keeping your anti-virus up-to-date, and blocking any
executable code from entering businesses at the email gateway."

Sophos strongly recommends that companies update their
anti-virus software to protect against the latest threats. If you
do not have procedures for rapid updates, implement them now,
because you are sure to need them again. Sophos Enterprise Manager is one way to help
automate protection updates inside your company.

If possible, block all executable code at your email gateway.
Some email applications can be configured to do this. It is rarely
necessary to allow users to receive programs via email. There is so
little to lose, and so much to gain, simply by blocking all
mailed-in programs, regardless of whether they contain viruses or
not. Sophos MailMonitor for SMTP
contains pro-active threat reduction technology which can help you
block dangerous filetypes and executable code at the email
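
As an added illustration of the gateway advice above (example code written for this page, not Sophos product code), the following Python sketch flags attachments a gateway policy would reject, by final file extension and by the MZ header that marks a Windows program. The extension blocklist, the addresses, the attachment names and the sample messages are constructed assumptions; only the subject line is taken from the article.

```python
import os
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumed blocklist of directly runnable Windows file types; tune to site policy.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}


def blocked_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each attachment the gateway should reject."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    findings = []
    for part in msg.walk():  # walk() also reaches attachments nested in forwards
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name is None and part.get_content_disposition() != "attachment":
            continue  # ordinary body text, not an attachment
        name = name or "(unnamed)"
        # Windows ignores trailing dots and spaces, so "a.exe." still runs.
        ext = os.path.splitext(name.rstrip(". "))[1].lower()
        payload = part.get_payload(decode=True) or b""
        if ext in BLOCKED_EXTENSIONS:
            findings.append((name, "blocked extension " + ext))
        elif payload[:2] == b"MZ":
            # DOS/PE header: a renamed program is still a program.
            findings.append((name, "executable content (MZ header)"))
    return findings


def build_sample(filename: str, data: bytes) -> bytes:
    """Constructed test message; addresses and attachment are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "It's near 911!"
    msg.set_content("constructed sample body")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for fname, data in [("photo.jpg.exe", b"MZ\x90\x00"),
                        ("holiday.jpg", b"MZ\x90\x00"),
                        ("notes.txt", b"plain text")]:
        print(fname, "->", blocked_attachments(build_sample(fname, data)) or "allowed")
```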