October 3, 2001
In the past few weeks, I have seen more nasty viruses than in any period I
can recall. Hybris, Magistr, SirCam, and Nando are but a few of them
and the vast majority of computers are not protected, at all.
As of last night, 25% of the computers
scanned by McAfee were infected with the Nando virus, which first appeared on
September 18! It is a wicked little devil that resends
itself to everyone in the computer's address book, infects every system on the
local network, and even inserts itself into the company's homepage, if it
can. The cost of the bad PR due to the infection of every
website visitor's system could be staggering.
Unless the antiviral data files have been
updated within the past week, the computer is not
protected. Virus software compares files that are opened
or executed against a database of "signatures". With three new viruses
every day, systems that have old virus definition files might as well not even
be running the software; it will not recognize or stop the new viruses and
creates a false sense of security.
Most of the "Roadrunner" clients I have serviced were not running any
antiviral software at all and not one of them had been updated. Since that
is one of the most expensive services available, doesn't it stand to reason that
the subscribers will tend to be more influential and successful infection of
their systems would be the most damaging?
Most computer technicians also tend to ignore the antiviral software
altogether. Don't assume that the guys taking care of your computer even
check to see if the antiviral software is working, much less whether it is
current. Most of the companies servicing small businesses have no
procedures for regular software maintenance and most of the technicians don't
have any data they care about.
I believe that we must have a major publicity campaign to educate the
computer user's of the danger and, more importantly, how to check for and
perform regular antiviral updates. If we don't, then I am afraid a truly
destructive attack will be outrageously successful.
One fourth of our computers are already infected with Nando. The
virus itself seems to do little except spread. It does; however, open
the door for a follow-up by creating shares to all drives with no password
and by holding open every TCP/IP port it can.
We need to move fast, before the next virus comes through those
If I can be of any assistance in this matter, or any of you should
have any questions, please feel free to contact me.