Security analysts say that while the Neroma worm, which plays on fears surrounding the Sep. 11
date, poses little threat, they are alert for increased virus trouble this week.
Neroma, also known as Icebut, is a mass-mailing worm that spreads via the addresses it culls
out of the address books in infected computers. The subject line reads: “It’s near 9/11.” But
the message reads: “Nice butt baby.” It also sports an executable attachment.
Security analysts at both Sophos, Inc. and Central Command, Inc. say Neroma has caused
little trouble so far. The worm, though, has caused concern because of its reference to Sep.
“I guess the reason why Neroma was initially released as an advisory was to start advising
people to be prepared for the Sep. 11 based viruses,” says Steven Sundermeier, vice
president of products and services at Central Command, an anti-virus company based in
Medina, Ohio. “Since the Sep. 11 attacks, it has been one of the most highly targeted virus
dates. It’s an enticing, easily targeted date. When I say date, I mean on or about or
As analysts wait to see if the Sep. 11 anniversary draws fire from the virus and hacker
communities, they’re also waiting to see what the next move is from the author of the
destructive Sobig virus family.
The last Sobig variant, Sobig-F, wreaked havoc on businesses around the world last month.
It’s now considered the fastest-spreading virus in the industry’s history, as well as one
of the most costly viruses on record. Mi2g, a digital risk assessment company based in
London, reports that Sobig-F caused $29.7 billion worth of economic damages. Thanks largely
to that, August has gone down in the books as the worst month in history for digital
attacks. Last month, viruses, along with overt and covert hacker attacks, caused $32.8
billion in economic damages.
What is worrying security experts now is that Sobig-F is about to hit its own deadline. As
of Sep. 10, the virus will stop spreading itself across the Internet. And historically, one
Sobig variant has always followed another, each new variant building on the base of infected
computers and building on the damage caused by the last one.
That leaves the security industry wondering when the next Sobig variant will arrive and what
kind of damage it will wreak.
“We wouldn’t be surprised if it came out in the near future,” says Chris Belthoff, a
security analyst with Sophos, an anti-virus company based in Lynnfield, Mass. “Our posture
is: Hope for the best. Expect the worst.”