Two families in Shakespeare’s Verona didn’t like each other, so a couple of kids lost their lives. Now security companies can’t agree whether a recently discovered virus named after those kids is lethal too.
The “Romeo & Juliet” virus is “particularly dangerous,” according to GFI Fax & Voice, maker of the Mail Essentials server-based e-mail content-checking program. But another pair of antivirus vendors, Symantec and McAfee, disagree. In fact, VirusScan manufacturer McAfee rates Romeo & Juliet’s risk assessment as “low” in its virus information library rates.
Technically speaking, Romeo & Juliet is a worm, spreading from PC to PC via e-mail. But unlike the famous “I Love You” worm of last spring, Romeo & Juliet doesn’t require you to open an attached file to infect your system and spread the virus. All you need do is open the e-mail message, making it potentially more dangerous.
The worm, which comes as an HTML-formatted message, contains a script that saves its two attached files, My Romeo.exe and My Juliet.chm, to your C:\Windows\Temp folder. It then executes the files, which send similar e-mail messages to everyone in your address book.
According to GFI, this constitutes “malicious code,” because it takes independent action on your system. But Romeo & Juliet hasn’t actually caused any harm. It doesn’t reformat hard drives or wipe out data. All it’s really done is reproduce itself.
And it doesn’t even do that anymore. The worm routes its messages through one of six particular servers in Poland, and the people running those servers have by now taken steps to block it. In other words, this may be a virus that got stopped before it had a chance to spread.
The real danger of Romeo & Juliet may lie in the ease in which the code can be altered to create a more dangerous version. A variation of the worm might be designed to spread more freely and do real damage.
“It will take a semiskilled hacker about 1 hour to make a version that uses different relay sites,” according to a GFI spokesperson. It can take only “a few minutes [to] alter the payload.”
What’s the best way to protect yourself from future HTML e-mail worms? GFI suggests you block them “at server level, using a content-checking e-mail gateway like Mail Essentials.” According McAfee and Symantec, which markets Norton AntiVirus, a combination of antivirus software and a firewall should do the trick.
In other words, GFI says that Romeo & Juliet is very dangerous, so you should buy their software. Symantec and McAfee, on the other hand, say it’s nothing to worry about. But just in case, buy their software.
Perhaps the virus should have been named Hamlet, who did mention “a certain convocation of politic worms.”