Recommendations to stop ‘Here you have’ email worm an old retreat — not a new solution

CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

The old adage that everything old is new again resurfaced last week, as a new email worm reminiscent of the Love Letter and Anna Kournikova email worms from a decade ago infected systems around the globe. Using a Windows screensaver file containing malicious code, the “Here you have” virus pretends to offer links to PDF documents or videos before actually installing a worm on the user’s computer. Once on a system, the malware spreads by disabling antivirus programs and exploiting PC users’ address books. So far, organizations such as Google, NASA, ABC-Disney, Coca-Cola and Comcast have been hit.
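The lure described above, a link that advertises a PDF or video while the target is a screensaver executable, can be checked for at the mail gateway or during triage. The following Python sketch is an added example, not code from CoreTrace or from any antivirus vendor; the extension lists, the `suspicious_links` function name and the `example.test` sample message are assumptions constructed for illustration.

```python
# Added example: flag links whose text advertises a document but target an executable.
import posixpath
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed extension lists for illustration; tune them for your environment.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".vbs"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".wmv", ".avi", ".mpg", ".mp4"}

# Constructed sample body (example.test hosts are placeholders, not real IoCs).
SAMPLE_BODY = """<p>Hello: this is the document I told you about.</p>
<a href="http://files.example.test/library/report.scr">
http://docs.example.test/library/report.pdf</a>
<a href="http://docs.example.test/agenda.pdf">agenda.pdf</a>"""

def _ext(name):
    """Lower-cased final extension of a file name or URL path ('' if none)."""
    return posixpath.splitext(name.strip(" \t\r\n.,;:()<>\"'").lower())[1]

class _LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html_body):
    """Return (href, claimed_ext, target_ext) for links to executables."""
    parser = _LinkCollector()
    parser.feed(html_body)
    parser.close()
    findings = []
    for href, text in parser.links:
        target_ext = _ext(urlparse(href).path)  # query string is ignored
        if target_ext in EXECUTABLE_EXTS:
            claimed = sorted({_ext(t) for t in text.split()} & DOCUMENT_EXTS)
            findings.append((href, claimed[0] if claimed else None, target_ext))
    return findings
```

A finding with a non-empty `claimed_ext` is the stronger signal, because the visible text names one file type and the target delivers another; a `None` there still marks a direct link to an executable.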

Following the worldwide outbreak, Symantec, along with other antivirus companies, issued recommendations to help companies mitigate the threat and stop it from spreading. Rather than recommending specific defenses that would further protect customers’ networks, they advised disabling network sharing, local network access and Internet access for infected computers, as well as blocking all outbound traffic to domains and IP addresses involved in the attack.

Really? Shut everything down? These recommendations sound more like a full-scale retreat than an effective defense against an easily preventable worm. Application whitelisting solutions such as BOUNCER by CoreTrace stop all malicious code execution to eliminate threats such as last week’s mass-mailing email, drive-by downloads, and even DLL hijackings.

For security professionals, incidents like “Here you have” are stark reminders that companies need to continually re-evaluate their existing security strategies to ensure their defenses aren’t disabled by inventive viruses or any malware variants, whether they’re new or an old nemesis with new tricks.