CNET también está disponible en español.

Ir a español

Don't show this again

Security

This week in worms

The wonderful world of worms has some new twists, but are most of us concerned? Apparently not.

The wonderful world of worms has some new twists, but are most of us concerned? Apparently not.

A new outbreak of Sober may be coming, security experts have warned, even as e-mail systems worldwide work to get rid of the last infestation of the mass-mailing worm. The next attack is hard-coded in the version of Sober that hit the Net on Nov. 22, said iDefense, part of VeriSign.

Infected machines are set to download instructions and potentially mail out a new wave of Sober e-mails on Jan. 5. That leaves Internet users with less than a month to shore up their defenses against Sober, which was the most prolific worm in 2005.

The possible outbreak could be stopped, said Mikko Hypponen, chief research officer at Finnish antivirus company F-Secure. The worm is set to download instructions from a number of sites hosted on the systems of free Web space providers. These are located mostly in Germany and Austria, he said.

On a related front, a new worm that targets users of America Online's Instant Messenger is believed to be the first that actually chats with the intended victim to dupe the target into activating a malicious payload, IM security vendor IMlogic warned.

The worm arrives in instant messages that state: "lol thats cool" and includes a URL to a malicious file. When unsuspecting users have responded, perhaps asking if the attachment contained a virus, the worm has replied: "lol no its not its a virus," IMlogic said.

The malicious file disables security software, installs a backdoor and tweaks system files, the company said. Then it starts sending itself to contacts on the victim's buddy list. The worm is programmed so that the infected user cannot see the messages that are being sent out by the worm.

So are most of us taking these threats seriously? Nope.

A survey of home PC users found 81 percent lack at least one of three critical types of security, though the number of consumers using firewalls and updated antivirus software is improving, according to a report by AOL and the National Cyber Security Alliance. The vast majority of consumers surveyed were found to lack at least one of three types of critical security: a firewall, updated antivirus software or anti-spyware protection.

Of this group, 56 percent had no antivirus software or had not updated it within a week, while 44 percent did not have a firewall properly configured, according to the report. Meanwhile, 38 percent of survey respondents lacked spyware protection.