By MICHAEL FOREMAN
The United States presidential election could have been partly to blame for the recent Prolin-Shockwave outbreak that hit many local computer users.
Oregon-based virus hunter Vincent Gullotto, founder director of Network Associates' Anti Virus Emergency Response Team (Avert), believes that an amusing animation of the two presidential candidates dancing, which had been circulating in the US the day before Prolin hit, put users off their guard.
This harmless flick was probably passed around by the same people who spread Prolin the next day.
"If people had been sent this movie and they enjoyed it, then they probably thought [Prolin] would be amusing too. It just might have made the difference."
Prolin's technique of teasing recipients into opening an infected file with the promise that they would see "a great movie" is not new. It has been used in alt.sex newsgroups to coax the unwary into downloading Trojan back door programs before, but Mr Gullotto says this was the first time a mass-mailed virus had been delivered in this way.
Thanks to the speed with which it spread, Prolin has joined other well-known viruses such as Melissa, the Love Bug and the Phage Virus, but it is just one of an estimated 55,000 to 56,000 known viruses.
Mr Gullotto says that in the three years since it was formed, Avert, now employing researchers in 16 countries, has discovered its fair share of these, but detection is not the big issue.
"There's a certain acknowledgment that goes with being the first to discover a virus, but we don't really brag about it."
Each month, Avert's researchers meet other anti-virus researchers and trade intelligence on new types.
In a typical session, Avert will pass on samples of around 25 to 40 per cent of that month's new viruses and receive roughly the same amount from other researchers in return. Avert then analyses the samples to produce virus definition files used in the anti-virus scanning software made by its parent, Network Associates, as well as other software companies.
"It's not just about a lot of people sitting in cubicles in front of PCs, we are very active in the anti-virus community."
Mr Gullotto says that assessing the threat posed by a particular virus is the hardest job. Avert tracks the frequency and the spread of many customer reports of attacks before delivering its verdict.
While harmless or slow-spreading viruses are classed as low-risk, a virus like Prolin might bubble along in the "medium-risk" category for a couple of months before a sudden increase in attacks causes it to be classed as "high-risk."
Mr Gullotto says that at the moment a virus called "Hybris" has been earmarked as a potential candidate for high-risk status.
"But we can't just go high-risk straight away; we have to consider these numbers over a 30-day period. Our biggest concern is that we don't cry wolf."
Avert uses this probationary period to prepare definitions, documentation and even press releases so it can notify Network Associates' technical support teams and the wider anti-virus community within 90 minutes of a major outbreak.
"If something breaks, everybody gets up, no matter where you are in the world or what time it is there. A big outbreak puts a big dampener on your social life for a few days."
Mr Gullotto says viruses are constantly developing, so it's difficult to predict from where the next threat might come. He admits he was surprised by the absence of the long-predicted Y2K viruses last year, but he believes virus writers may just be waiting a year.
Virus dos and don'ts
* Update your anti-viral definitions regularly.
* Be careful what you download.
* Scan files before opening wherever possible. (You can set your anti-virus software to do this.)
* Don't click on e-mail attachments to open them until you are sure they are safe. (You can receive a virus hidden in an e-mail attachment, but not be infected until you open it.)
* Watch out for incoming attachments ending in .vbs, .exe, or .doc. Treat them with caution (viruses are often hidden in electronic cards).
* Be immediately suspicious of multiple e-mails with identical subject lines.
* Saving a .doc file in rich text format (.rtf) will disable potentially harmful macros.
* Most virus warnings sent by e-mail are hoaxes. Check sites such as Symantec Virus Hoax before forwarding a hoax warning to all your friends.
Links
Symantec Virus Hoax
Beware of fun teasers says virus hunter