Virus fighters catch NakedWife worm in the act

The destructive "NakedWife" Trojan worm that hit the Net Tuesday did not spread far. The impact was minor and only computers in North America and Europe were hit.

"Compared to the Anna Kournikova and I Love You viruses this worm did not get anywhere at all," said André Post, senior researcher at Symantec Corp.'s Antivirus Research Center (SARC). "If I have to make an educated guess, I would say a few thousand computers were infected."

First reports on the worm came in at around 10:00 AM EST Tuesday. By the end of the workday on the US East Coast the spread of the virus had stopped, said Post.

"Quick acting on our side doesn't guarantee anything if users don't react. Wide spreading was also prevented by the increased virus awareness amongst customers," said Post, adding that wide media coverage also contributed.

SARC received "about 40" reports from customers with infected systems, most of which were in the US, a few in Canada and a few in Europe. McAfee, a division of Network Associates Inc., reports lower numbers with 15 customers hit in North America and three in Europe. Asia, it seems, wasn't hit at all.

"Asian businesses had already closed for the day when the worm surfaced. When they opened on Wednesday the worm had been dealt with," said Post.

Both McAfee and SARC said NakedWife most likely was created in South America.

"We suspect the worm originated in Brazil. Virus writers typically add their nickname to the viruses they write and we keep a close eye on the writers," said Post, noting that most new viruses come out of South America. "Viruses are hot there."

Although NakedWife didn't make it far, McAfee still rates the worm "high risk."

"We gave it that rating because of the destructive payload," said Marius van Oers, virus research engineer at McAfee in Amsterdam. "I expect the rating to go down to medium in the course of Wednesday."

The Trojan worm is spread via e-mail using the address book of Microsoft Corp.'s Outlook e-mail client. It arrives in an e-mail with the subject "FW: Naked Wife." Once the attachment -- NakedWife.exe -- is executed, the worm starts sending itself to every e-mail address in the infected user's address book and deletes dozens of important Windows system files, forcing the user to re-install Windows, Van Oers said.

Most anti-virus software vendors have updated virus definition files available that can discover and eliminate NakedWife.

Network Associates, in Santa Clara, California, can be reached at +1-408-988-3832 or at http://www.nai.com/. Symantec, in Cupertino, California, can be reached at +1-408-253-9600 or via the Web at http://www.symantec.com.

Join the newsletter!

Error: Please check your email address.

More about McAfee AustraliaMicrosoftNAISymantec

Show Comments