RealTime IT News

Davinia Is No Threat, Says Kaspersky Lab

[London, ENGLAND] Recent press speculation about the threat posed by the Internet worm known as "Davinia" is misinformed, say experts at Russian data-security company Kaspersky Lab.

"We are quite sure that 'Davinia' poses absolutely no threat, simply because the Web site that was used to penetrate into a user's computer was shut down right after the worm was discovered," said Denis Zenkin, head of corporate communications for Kaspersky Lab.

Kaspersky says it has not received any reports of the provocatively named Davinia being found "in the wild."

However, before network administrators worldwide begin to smile, Kaspersky warns that other modifications of the worm may appear in the very near future. It could, for example, be propagated from other Web sites and find its way into corporate networks via e-mail attachments.

Kaspersky recommends that users install a patch for Microsoft Office as a precautionary measure. It is available from Microsoft at this Web address: http://officeupdate.microsoft.com/2000/downloadDetails/uactlsec.htm

The worm exploits the "Office 2000 UA Control Vulnerability" first discovered in May 2000. It penetrates a user's computer by means of a two-stage process.

First, an e-mail message arrives and opens an additional Internet Explorer window, initiating a connection to the hacker's Web site. Another script then switches off MS Word's built-in anti-virus protection -- and the damage can begin.

Once the worm has gained access to MS Outlook it can send out e-mail messages to all the addresses listed, with a link to the rogue Web site. This means that the virus itself is only ever presented on the remote site -- and is not mailed directly to users.

Zenkin said Davinia was evidence of an alarming trend, because it showed that virus writers were moving away from the familiar methods of penetrating computers by pretending to be interesting utilities.

"Today, we see more and more malicious code exploiting security breaches in different applications and operating systems. This makes timely installation of security patches crucial for both home and corporate users," added Zenkin.

Kaspersky Lab., which has an office in the U.K. in Cambridge, carries full details about Davinia and other viruses on its Virus Encylopedia at viruslist.com.