Latest Worm Attacks Antivirus, Security Apps

The Goner virus is spreading via E-mail and the ICQ instant-messaging system, and it's proving to be as fast moving as the Love Bug virus.

InformationWeek Staff, Contributor

December 4, 2001

2 Min Read

A new Visual Basic Script virus is rapidly spreading via E-mail and the ICQ instant-messaging system, shutting down most antivirus and desktop security applications. The worm, dubbed the Goner virus, greets targets with the subject "Hi" and the text reads:

"How are you?

"When I saw this screensaver, I immediately thought about you

"I am in a hurry, I promise you will love it!"

What users really download is Gone.scr, a copy of the worm that's been compressed. If the file is opened, the user's PC becomes infected and it attempts to destroy all security applications. A back door is installed, linked to an Internet Relay Chat program, and this application can be used to launch denial-of-service attacks against IRC servers.

"This thing is spreading far faster than Badtrans," says Russ Cooper, surgeon general with security firm TruSecure Corp., referring to another mass-mailer virus that struck users hard over the Thanksgiving weekend. Secure E-mail provider MessageLabs says it has stopped more than 30,000 copies of Goner with its antivirus software, and the company is seeing Goner arrive with one out of every 30 E-mails. According to MessageLabs, the Love Bug virus arrived with one out of every 28 E-mails.

Most antivirus vendors placed Goner as a medium risk earlier in the day, but by late Tuesday afternoon it became apparent that Goner was spreading faster than many expected it would. "We don't know why it is spreading so fast," Cooper says. "Anyone who experienced Badtrans would have protected against .scr attachments." Cooper says Goner has hit many large companies hard. "Very few people block attachments at the gateway. And desktop users did not have their antivirus updated, so it reached critical mass."

Given the risks, many experts are surprised that companies let potentially dangerous attachments enter their E-mail systems. Says Cooper, "You'd be hard-pressed to make a business case to need to accept .scr attachments."

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights