# URGENT NEW VIRUS ALERT



## Gordon Angus Mackinlay (4 Dec 2001)

Mr Bobbett,

This is a virus alert put out by Telstra:

Goner computer virus alert 

A powerful new computer virus is causing havoc with e-mail systems across the world.

Experts described the virus, called Goner, as one of the fastest-spreading they had yet seen and warned computer users to immediately delete it if they received it.

Alex Shipp, spokesman for anti-virus service MessageLabs, said: "It‘s spreading with tremendous speed and thousands of users in Britain have already been sent it.

"The virus mass mails itself out through e-mail and attempts to destroy anti-virus software on computers, which could prove extremely problematic for those unfortunate enough to receive it."

Goner worm  
• Affects: Microsoft Windows with Outlook, Office and ICQ installed
• Spreads: Through address books
• Impacts: Disables anti-virus and security software
• Preventions: Delete email, do not open attachment, update anti-virus product


--------------------------------------------------------------------------------

The infected e-mail has the word "Hi" as its subject and body text which reads "When I saw this screen saver, I immediately thought about you. I am in a harry (sic), I promise you will love it." Its attachment is labelled "gone.scr."

It was first detected this morning in the US but experts believe it was created in Europe.

Kathryn Kerr, Threat Assesment Manager at Australia‘s Computer Emergency Response Team, AusCERT, said she has had reports of Australian organisations blocking the virus before it entered internal email accounts.

"It certainly is in Australia and has most likely infected some computers," Ms Kerr said. 

The virus - technically called a worm because it can propagate itself - is unleashed when the recipient double-clicks or opens an attachment called gone.scr. 

MessageLabs intercepted 33,000 copies of the virus by 1.35pm (1601 AEDT) today at a rate of 130 a minute, making it one of the fastest-spreading viruses it‘s ever seen, reported David White, the company‘s technical manager at its US branch office in Bloomington, Minnesota. 

One in 28 e-mails intercepted on MessageLabs‘ system Tuesday carried the worm, he said. 

The .scr on the file name normally identifies screen saver programs, but can be used to disguise computer worms or viruses. 

Once unleashed, the worm e-mails itself to addresses it finds in Outlook or Outlook Express. 

Corporate and home computer users alike were hit hard by the Goner worm today, unlike another recent virus called BadTrans.B, which mostly affected home users. 

Mcafee.com, an anti-virus software maker, gave the outbreak a high rating - its most serious rating.

Symantec, maker of Norton anti-virus software, rated Goner‘s potential for damage as medium but its distribution high. Other anti-virus software makers featured it prominently on their web pages.

The virus‘ rapid spread shows that people need to relearn safe computing habits, experts said. 

``This is a case of putting your e-mail condom on. If you get an attachment from someone you don‘t know or something that you‘re not expecting, don‘t open it,‘‘ said Steve Halligan, the Geek Squad‘s chief technical officer. 

``It doesn‘t exploit a vulnerability in Microsoft Outlook - the exploit bug is in people‘s brains. They can‘t resist‘‘ opening an infected attachment, said Graham Cluley, senior technology consultant for Sophos Anti-Virus in London. 

Computer users should download the latest version of their favourite anti-virus software, experts recommended. Macintosh users are not believed to be susceptible. 

The worm is dangerous because it weakens the internet‘s ``immune system‘‘ by removing anti-virus software and firewalls designed to keep hackers out of computers, said Sam Curry, a security architect for Mcafee.com. 

``It‘s the equivalent of having your shields down across the internet,‘‘ he said. ``It‘s a hacker‘s dream. It opens up computers to attack from a lot of old tools that they were previously protected from.‘‘ 

A criminal investigation has now been launched in an effort to track down the person responsible for the virus.
Previous viruses, such as Love Bug, Code Red and the Nimda Worm, caused problems for millions of computer users across the world.


----------



## Mike Bobbitt (4 Dec 2001)

Confirmed, this is real. I‘ve taken pro-active measures to protect the mailing list.

Thanks


----------

