
Effective measures dampen virus damage

by Iain Thomson

26 Jun 2003


Recent attempts by virus writers to cause chaos to company networks have had little impact, prompting experts to hope that businesses are finally taking the problem seriously.

New viruses detected in the wild over the past few weeks have caused few infections after their first 24 hours, suggesting that companies are reacting quicker to alerts.

The latest, SoBig.E, caused a large number of infections in its first 24 hours but then dropped off rapidly.

A similar pattern was seen with the MaGold D worm spotted at the start of this week, and last week's Auric E and NoFear B worms.

"There was a flash in the pan last night, but SoBig.E was dead by this morning; no corporate infections at all as far as we know," said Jack Clark, product manager at security vendor Network Associates.

"I hope the message is getting through now. It certainly seems to be. Virus updates are obviously being downloaded more quickly and implemented more efficiently."

SoBig.E is the fifth variant of the worm and was first detected on 24 June. For the first time it uses a compressed attachment to carry its payload, with the name your_details.zip, application.zip, document.zip, screensaver.zip or movie.zip.

The email header is spoofed and purports to come from support@yahoo.com. Once activated the worm uses its SMTP engine to mail itself to all email addresses on the computer.

Graham Cluley, senior technology consultant at AV vendor Sophos, said the situation may change once the US has had a full working day.

"I think it's a combination of better antivirus software, automated virus definition uploading and more proactive action by companies in blocking attachments.

"Sadly, in this case, some users may get infected if their company hasn't blocked compressed files as well as executables."

SoBig.E will deactivate on 14 July and cease to spread, although experts have warned that a new variant could be out shortly.
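The following Python example is added here for illustration and is not part of the original article or any vendor's code. It shows a mail-gateway check of the kind described above: it flags the attachment names and spoofed sender reported for SoBig.E, and it also opens any zip attachment to look for executables inside. The executable extension list, function names and sample messages are assumptions constructed for the example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the article text.
SOBIG_E_NAMES = {"your_details.zip", "application.zip", "document.zip",
                 "screensaver.zip", "movie.zip"}
SOBIG_E_SENDER = "support@yahoo.com"
# Assumption: extensions a gateway treats as executable; not from the article.
EXECUTABLE_EXTS = (".exe", ".pif", ".scr", ".com", ".bat")


def inspect_message(raw: bytes) -> list[str]:
    """Return the reasons a gateway would quarantine this message (empty = pass)."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    sender_hit = SOBIG_E_SENDER in str(msg.get("From", "")).lower()
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        if name in SOBIG_E_NAMES:
            suffix = " from spoofed sender" if sender_hit else ""
            reasons.append(f"known attachment name{suffix}: {name}")
        payload = part.get_payload(decode=True) or b""
        try:
            # Look inside the archive instead of trusting the outer file name.
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                members = archive.namelist()
        except zipfile.BadZipFile:
            reasons.append(f"unreadable archive: {name}")
            continue
        for member in members:
            if member.lower().endswith(EXECUTABLE_EXTS):
                reasons.append(f"executable inside archive: {name}/{member}")
    return reasons


def build_sample(filename: str, member: str, sender: str) -> bytes:
    """Constructed test message carrying a harmless one-member zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member, b"constructed placeholder bytes")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "user@example.com", "Constructed sample"
    msg.set_content("Please see the attached file.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename=filename)
    return msg.as_bytes()
```

Checking archive contents catches a renamed attachment that a name-only block list would miss.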
