New Sysbug-A virus on the prowl

The Sysbug-A virus has been set loose and is attacking “the usual suspects” – meaning that Microsoft Corp. Windows users should be on alert, according to one IT security company.

According to security provider WhiteHat Inc., those vulnerable to the virus include anyone using Windows 2000, Windows 98, Windows 95, Windows ME, Windows NT and Windows XP.

Tom Slodichak, chief security officer at Burlington, Ont.-based WhiteHat, said that Windows users are most often picked on by virus writers simply because of the sheer number of them out there.

“If something like 90 to 95 per cent of the world’s desktop users are using Windows software both in the enterprise and at home, you are not going to go after small pockets of unusual operating systems,” he explained.

Slodichak described Sysbug-A as a “classic e-mail virus” which is originating from an account called

“It’s always the same subject line – Re: Mary – and the e-mail claims to have a zip file of photos of a tryst and tries to get the user to click on it and open it up,” Slodichak explained. “But it includes an executable that drops a Trojan onto that machine which will enable some unknown party to potentially take full control of that machine at will.”

He added that a user wouldn’t realize that his or her PC had been taken over immediately, but because the virus releases an unauthorized program or Trojan, the virus writer will have full access to the machine as if he was sitting at the infected computer himself.

“The Trojan doesn’t cause any damage to the PC immediately. It doesn’t erase files, it doesn’t cause any misbehaviour that the user can detect but Trojans have been implicated in denial-of-service attacks or distributed denial-of-service attacks such as those on Amazon and eBay a couple of years ago,” Slodichak explained.

There are both proactive and reactive measures that can be taken to fend off viruses, Slodichak said, including deleting suspicious e-mails that come from unrecognized sources or that have subject lines that simply don’t make sense.

Most importantly, however, users need to perform constant virus checks.

“In other words, have an antivirus program installed. Generally speaking they are about $50 per year depending on the subscription and now there are also automatic updates whenever a new [virus] signature is available,” he added.

Linda Stutsman, chief information security officer at Xerox Corp. in Rochester, N.Y., said that although Xerox hasn’t been hit by the Sysbug-A virus, it is ready for it.

“When we first heard about this virus, we immediately [went] out and [did] research on it to see what kind of a payload it has, what kind of attachments it has, what the subject line might say, and we changed our filters on our external relays to block those particular subjects,” Stutsman explained.

Like Slodichak, Xerox’s Stutsman agreed that one of the most important weapons when fighting viruses is keeping antivirus software up-to-date on all servers and clients.

For the past seven-and-a-half years Xerox has had an emergency response team in place to respond to viruses, but so far it has not seen any major business impact because of a virus.

“By major business impact I mean that we’ve stopped business process, that we have shut down the mail system – we have never had to do that. But we always have the plans in place just in case,” Stutsman said.

Slodichak said that although virus writer “villains” are getting more sophisticated in their work, there is currently no new “radical technology to detect or cleanse machines of viruses.”

He added that the “old and reliable technology” used today, which matches incoming messages against signatures, is still the most effective way to fight viruses.

“The industry is looking for means of detecting viruses without having that signature updated to your directory, but nobody’s come up with any sort of viable technology yet. So, that’s the one weak link. You have to have your antivirus and your auto updates up if you want to be assured of antivirus protection.”