A multi-application internet worm has hit Australian shores, although security specialists say this is no cause for alarm, classifying the joke-bug as a "medium risk" to business operations.
The South American-originated virus, "IRC/Stages.worm" (with aliases LIFE_STAGES.TXT.SHS and VBS_Stages.A), had infected at least three Australian organisations, Andy Liou, marketing manager with Trend Micro Australia, said yesterday.
Trend Micro received "confirmed reports" from business customers that two of the companies were motoring and government organisations in NSW. One is a nationwide subsidiary of a US manufacturing company, Liou added.
However, Dean Stockwell, professional services director of Network Associates, claimed that 20 Australian businesses from the telecommunications, manufacturing and finance sectors have been hit.
According to a Network Associates alert issued yesterday, the virus build is similar to that of the Love Bug. It modifies and re-releases itself by attaching itself to email messages.
It arrives in the following format: Subject: Funny, Body: The male and female stages of life.
The worm was designed to spread quickly via email spamming, according to the antivirus vendors. It takes advantage of installations of Pirch, Outlook and mIRC, also spreading to available mapped drives.
Moreover, it deletes the registry editor feature on Microsoft Windows, deleting system functionalities such as keyboard keys, according to Liou. "Even if you delete one or two files, there is no quick and easy way of erasing it," he said.
Because the virus appears with joke titles in attachments, this will make it harder for users to detect, Liou said. People are falling for the virus due to its "social engineering", he believes.
"This virus will grind email systems to a halt," Stockwell said. "Nobody is safe from this virus."
Two Sydney organisations' email systems have "completely crashed", with both experiencing "different" levels of exposure, according to Stockwell. He declined to name the companies.
However, Stockwell insisted the bug is "not a huge risk" to business operations, provided companies immediately update their scan engine.
Network Associates and Trend Micro received the alert from their US parents on Saturday. Because the alarm was raised on the weekend, businesses have been slow to respond to the alert, the vendors believe.
The virus has also been detected across five US corporate networks and in India.
Network Associates speculates the "stages" virus was written by the same author as last year's Bubbleboy.