An Internet worm that disguises itself as a Shockwave Flash movie is gaining traction among corporations around the world, and at least one anti-virus software vendor upgraded the virus to "high risk" recently.
Anti-virus company McAfee said it has received as many as 50 reports of the virus in the past 24 hours, most of which are from corporations, including several Fortune 500 companies. The unusually high number of reports prompted the Network Associates subsidiary to upgrade the virus from medium risk to high risk late last week.
Trend Micro is also seeing increased incidents of the virus, which arrives in an e-mail bearing the subject line "A great shockwave flash movie." Trend Micro received reports of the worm from nine Fortune 500 companies in the US, Europe and Asia, as well as numerous smaller companies, officials said.
The worm, which first appeared Thursday, is delivered to users in the form of an e-mail attachment that appears to be a Shockwave Media Player. When a user tries to view the fake movie attachment, the worm sends a copy of itself to all people in the address book of the user's Microsoft Outlook e-mail program, potentially clogging e-mail networks.
The worm doesn't destroy files on a user's computer but renames all files of the ".jpeg" and ".zip" type and moves them to the PC's root directory, said Patrick Nolan, a virus researcher with McAfee's Anti Virus Emergency Response Team (AVERT).
There doesn't appear to be a pattern to the industries that have been affected by the virus, which include companies in the manufacturing, banking, healthcare and retail sectors, officials at both Trend and McAfee said.
While the worm doesn't delete files, it can clog networks and take e-mail servers offline. Cleaning up files that have been relocated and renamed could also waste considerable time for IS staff, Nolan saidAnti-virus vendors have long been warning users not to open attached files of the ".exe" type. One reason the Creative.exe virus may be spreading so quickly is that it uses the Shockwave Flash movie icon. Users tend to trust familiar icons they see on their computers, and virus writers are starting to play off that trust, a spokeswoman for McAfee said.
"This could be setting a new trend in virus writing," she said.
The virus hasn't caused as much damage as the notorious "I Love You" virus, which reached millions of computers in May this year and wreaked havoc at corporations around the globe. The ability of "I Love You" to delete files, and the fact that it spread so rapidly, earned it McAfee's highest risk assessment - "high risk - outbreak". The Shockwave virus is currently rated as high risk, one step below.
Anti-virus vendors said users should upgrade their anti-virus software immediately. Most vendors provide free updates to the latest anti-virus files on their Web sites. Trend Micro said its users should visit www.antivirus.com/vinfo/, while McAfee pointed its users to www.avertlabs.com/.