New Worm Disguises Itself as Microsoft Patch

HomeSecurity
Sharon Gaudin
By Sharon Gaudin

Security analysts are warning users to be wary of a new worm that disguises itself as a

Microsoft security patch for the MyDoom virus.

Roca-A, which also is known as Sober-D in some circles, was released into the wild on

Sunday and started hitting Germany and the United Kingdom right out of the gate. In the

past 24 hours, it has spread to other countries, including the United States.

The worm arrives in inboxes with the subject line: ”Microsoft Alert: Please Read”. The

body message refers to the detection of a new MyDoom variant.

The ZIP file attached to the email carries the Roca-A worm, according to analysts from

Sophos, Inc., a Lynnfield, Mass.-based anti-virus and anti-spam company. Once installed,

the worm will present a phony message stating that the patch has been installed correctly

or that no patch was needed.

The worm also is bilingual.

If Roca-A determines that it is being sent to a German email address, it will present

itself in German.

”As the Sober-C worm has shown in recent months, viruses which use more than one language

when communicating with users can be more successful at not raising suspicion,” says

Graham Cluley, senior technology consultant for Sophos. ”Companies should ensure their

anti-virus software is automatically updated, and screen for dangerous filetypes at their

email perimeter.”

This new threat hit the Internet just as a dramatic wave of viruses and variants appears to

be winding down. IT managers and the anti-virus community have been plagued over the last

few weeks by a barrage of variants from the Bagle, Netsky and MyDoom families. Upwards of

16 variants and new worms hit the Internet in a matter of weeks. As for the Bagle worm

alone, seven variants were let loose within a 72-hour period.

The security intelligence firm mi2g, which is based in London, released a report this

morning calling last week’s barrage of attacks ”historically unprecedented”.

So far, according to mi2g, the combined worldwide economic damage from Bagle, Netsky and

MyDoom has crossed $100 billion. The company lists Sobig, MyDoom and Netsky as the most

damaging malware in history.

The onslaught might have slowed slightly, but it certainly hasn’t stopped.

In the last few days, Roca-A was joined by several other viruses, including the K and J

variants of Netsky and the K variant of Bagle.

Previous article
Let Your Visitors PDF Your Pages
Next article
Who Should Adopt Networked Storage?

Similar articles

Get the Free Newsletter!
Subscribe to Data Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter!
Subscribe to Data Insider for top news, trends & analysis
This email address is invalid.

Latest Articles

Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation’s focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.

Advertisers

Advertise with TechnologyAdvice on Datamation and our other data and technology-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2023 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.