Press Releases

Browse our press release archive

29 Nov 2002

Are CEOs bad for your company's data?

Sophos researchers have advised computer users hit by the W32/Winevar-A worm to double-check their computer's file associations after cleaning up their infection.

One of the interesting payloads of W32/Winevar-A is that it changes file associations so that all files ending .CEO are treated as if they are executable. This means a future virus could transmit itself amongst Winevar victims in the form of a .CEO file.

"Many users who are naturally suspicious of a .EXE or .VBS file may think a .CEO is safe," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "When you clean-up after a virus infection it's important not just to remove the virus but to patch any other vulnerabilities it may have inserted for possible future exploitation."

The W32/Winevar-A worm has a number of payloads, including attempting to disable anti-virus programs and - in some circumstances - deletion of all files on the user's hard drive.

Users who have deployed Sophos MailMonitor for SMTP's threat reduction technology can pro-actively block any Windows executable code from entering their organisation, regardless of the file's extension.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at