Slammer, the Latest Worm to Follow in the Footsteps of Melissa

March 26 is the fourth anniversary of the appearance of Melissa, a macro virus for Word with worm-type characteristics, which caused one of the worst massive infections ever. Four years later, worms are still responsible for many of the major incidents affecting users’ computers, as highlighted by the recent SQLSlammer worm, or Klez.I, which has consistently topped the Panda ActiveScan ranking of most frequently detected viruses.

Melissa sent itself automatically, attached to an e-mail message, to the first 50 addresses in the Outlook address book in the victim’s computer. This characteristic, which enabled it to spread rapidly across organizations, was improved and used in later worms such as VBS/Freelink. Unlike its predecessor, VBS/Freelink sent itself to all addresses in the affected computer.

Later still, in May 2000, the infamous I Love You virus appeared. The losses caused by this malicious code totaled some 10,000 million euros, according to Computer Economics, a figure which has yet to be surpassed by any other virus. The suggestive text of the I Love You e-mail worm led thousands of users to unwittingly contribute to the wildfire spread of this malicious code, simply by opening the e-mail containing the worm. This encouraged virus creators to take advantage of what is now referred to as ‘social-engineering’, as can be seen with worms like W32/Hybris, which spread widely by using an e-mail referring to a somewhat unorthodox version of Snow White and the Seven Dwarves.

The other main weapon used by worms to spread rapidly across computers is the exploitation of vulnerabilities in common applications. This particular trend was started in 1999 by VBS/Bubbleboy, which made use of a security hole in Internet Explorer 5 to run automatically, and continued in 2001 with Code Red and Nimda.

Recent months have seen similar exploit-based attacks with worms like Klez.I and Slammer.

– For almost a year, Klez.I has topped the ranking of viruses detected by Panda Software’s free online scanner, thanks to its ability to spread by exploiting a vulnerability in Internet Explorer versions 5.01 and 5.5.

– In January 2003, Slammer hit thousands of servers worldwide by exploiting a buffer overflow vulnerability in SQL servers and caused more than 705 million euros in losses, according to Computer Economics.

The continual emergence of worms like these highlights once again the need for users to be cautious and to take measures including those listed below:

– Scan e-mails received before opening. Many viruses arrive in e-mails that have been sent by, or appear to have been sent by, people whom users know and trust, so the true nature of the message arouses no suspicion. For this reason it is highly advisable to scan all mail received before opening.

– Use a good antivirus with daily updates to ensure detection and elimination of the latest viruses. The antivirus should include permanent technical support to answer questions and resolve any sort of problems, rapid antidotes for new viruses and an alerts service.

– Install software updates and patches released by developers to resolve security holes and vulnerabilities in their applications.

– Stay up to date on the latest security news. Visit specialized portals and read IT security e-bulletins and other newsletters such as Oxygen3 24h-365d and Virus Alerts, provided free of charge by Panda Software in Spanish and English.

