No need to panic over 9/11 worm, says Sophos Anti-Virus

September 05, 2003 Sophos Press Release

The W32/Neroma-A worm has caught the media's attention due to its reference to the anniversary of the 11 September terrorist attacks. However, Sophos believes it poses a low threat to customers who practise safe computing.

The Neroma worm arrives in the form of an email with the subject line "It's near 911!" with the message body "Nice butt baby!". If recipients click on the attached file they are infected by the virus which may attempt to delete files on the 1st, 4th, 8th, 12th, 16th, 20th, 24th and 28th day of each month.

"Mentioning 9/11 seems like a desperate plea for attention by the virus writer, in the wake of a number of hard hitting real threats like Sobig-F, Blaster, Nachi and Mimail," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "Fortunately his virus is scuppered by safe computing practices such as keeping your anti-virus up-to-date, and blocking any executable code from entering businesses at the email gateway."

Sophos strongly recommends that companies update their anti-virus software to protect against the latest threats. If you do not have procedures for rapid updates, implement them now, because you are sure to need them again. Sophos Enterprise Manager is one way to help automate protection updates inside your company.

If possible, block all executable code at your email gateway. Some email applications can be configured to do this. It is rarely necessary to allow users to receive programs via email. There is so little to lose, and so much to gain, simply by blocking all mailed-in programs, regardless of whether they contain viruses or not. Sophos MailMonitor for SMTP contains pro-active threat reduction technology which can help you block dangerous filetypes and executable code at the email gateway.