The newly discovered “Shockwave” virus appears to be doing less damage than originally feared because corporate users and other intended victims may finally be getting better at dealing with such threats, security analysts said.
The virus disguises itself as a Shockwave file attached to an e-mail message from someone familiar to the recipient and was first reported last Thursday by several vendors of antivirus software. The file containing the virus is named creative.exe, and the e-mail includes this short message: “Check out this new flash movie that I downloaded just now … It’s great. Bye.”
When a user doubleclicks on the attachment, the virus copies itself onto the victim’s system and sends new copies of itself via e-mail to all the names contained in that person’s Outlook address book. The virus doesn’t delete any files but will move and rename some graphics and zip files, analysts said.
Though security firms were quick to put the virus in the high-risk category because of its ability to mass-mail copies of itself, some analysts and antivirus vendors said the actual damage caused by the virus appears to have been minimal so far.
“We believe the worst is already over,” said Paul Robertson, a senior developer at TruSecure Corp. in Reston, Va. Robertson said that despite several reports of corporations being infected by the virus late Friday afternoon and early yesterday morning, the situation has eased considerably since then.
“It speaks to the fact that administrators are getting used to dealing with these kinds of threats,” Robertson said. For example, he added, users can avoid being infected by following basic security procedures such as applying all the recommended patches for the software products they use, regularly updating antivirus software and blocking certain kinds of attachments from entering corporate networks.
Companies that applied an Outlook patch released earlier this year by Microsoft Corp. would have been protected against the latest virus, said Ryan Russell, MIS manager at SecurityFocus.com in San Mateo, Calif. “People are getting smarter about dealing with these kinds of [problems],” Russell said.
But what may also have helped mitigate the damage so far is that the Shockwave virus appears to be relatively unsophisticated, Russell added. “There is nothing very clever about this virus at all,” he said. “It totally relies upon the user [to propagate itself].” As long as users don’t open suspicious attachments or ones that come from unknown sources, the ability of the virus to cause damage will remain limited, he said.