Feeds

Early birds catch Davinia worm

But get your MS Office patch now

  • alert
  • submit to reddit

Protecting against web application threats using SSL

Even though the 'Davinia' worm has done far less damage than was first feared, anti-virus experts warn it exploits a vulnerability in Microsoft Office that most users have left open.

And the techniques used to write the Davinia worm could be used by virus writers to wreak far more damage.

According to the Virus boffins at Kaspersky Labs in Russia, Davinia has a very destructive payload, wiping the hard drive of any infected machine. However, it seems to have been defeated by its rather ponderous method of propagation. Antivirus companies are reporting that few of their customers have fallen victim to the virus - described as potentially another Love Bug by its discoverer, Panda Software.

A target computer is sent an email containing two script programs. The first opens an Internet Explorer browser window and initiates a link to the virus writers' site and the second opens a Word document from the site.

The Word document contains a macro that switches off built-in anti-virus protection, exploiting the "Office 2000 UA Control Vulnerability", discovered in May 2000 and for which a patch is available from Microsoft.

Then it emails a link to the vandal's Web site to all contacts in the victim's Outlook address book.

Kaspersky Labs says the rogue site is the only place where the virus part of the worm exists. This site has now been shut down.

However, other virus writers could use the same trick to propagate new malicious code, so the Russian virus hunters recommend that people download the patch for the vulnerability here.

Graham Cluley, senior technology consultant at anti-virus vendor Sophos, said that many, if not most users, have so far failed to apply the MS Office patch. This is important because the vulnerability means a virus could be developed that infect users without them opening an attachment in an email message.

Cluley criticised Panda Software, which discovered Davinia, for exaggerating the impact of the worm, and for its tardiness in exchanging copies of the malicious code through the Rapid Exchange for Virus Samples group, an industry group. ®

Lucy Sherriff contributed to this story

The next step in data security

More from The Register

next story
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
'Windows 9' LEAK: Microsoft's playing catchup with Linux
Multiple desktops and live tiles in restored Start button star in new vids
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
Mathematica hits the Web
Wolfram embraces the cloud, promies private cloud cut of its number-cruncher
Google extends app refund window to two hours
You now have 120 minutes to finish that game instead of 15
Intel: Hey, enterprises, drop everything and DO HADOOP
Big Data analytics projected to run on more servers than any other app
Mozilla shutters Labs, tells nobody it's been dead for five months
Staffer's blog reveals all as projects languish on GitHub
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
iOS 8 Healthkit gets a bug SO Apple KILLS it. That's real healthcare!
Not fit for purpose on day of launch, says Cupertino
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.