W2K/Stream: No panic for Sophos users

September 06, 2000 Sophos Press Release

Sophos researchers have today received a number of enquiries about a virus called W2K/Stream which uses Alternate Data Streams (ADS) under Windows 2000.

One security company even compared W2K/Stream to "an AIDS disease for computers", as others predicted anti-virus companies will not be able to detect the virus. Sophos users, however, found it easy to protect themselves.

"To compare a simple computer virus to AIDS is not only inaccurate, it's in appalling taste," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "We can only assume their intention is to gain newspaper inches and frighten their users, rather than actually provide sound sensible information about the true level of the threat."

Although the virus is not in the wild, and is not considered a threat, Sophos issued an IDE update to protect against it because of the media interest. This IDE will be incorporated into the main shipping product in version 3.39.

In this way Sophos Anti-Virus can not only detect the virus via a regular sweep of your hard drive, but can also provide on-access protection to prevent accidental infection.

"We have no reports of anyone infected by this virus," said Graham Cluley. "The biggest problem connected with this virus appears to be people forwarding the various alerts to each other, rather than anyone actually being hit."