[London, ENGLAND] Recent press speculation about the threat
posed by the Internet worm known as “Davinia” is misinformed,
say experts at Russian data-security company Kaspersky Lab.
“We are quite sure that ‘Davinia’ poses absolutely no threat,
simply because the Web site that was used to penetrate into a
user’s computer was shut down right after the worm was discovered,”
said Denis Zenkin, head of corporate communications
for Kaspersky Lab.
Kaspersky says it has not received any reports of the provocatively
named Davinia being found “in the wild.”
However, before network administrators worldwide begin to smile,
Kaspersky warns that other modifications of the worm may appear
in the very near future. It could, for example, be propagated
from other Web sites and find its way into corporate networks
via e-mail attachments.
Kaspersky recommends that users install a patch for Microsoft
Office as a precautionary measure. It is available from Microsoft
at this Web address:
The worm exploits the “Office 2000 UA Control Vulnerability”
first discovered in May 2000. It penetrates a user’s
computer by means of a two-stage process.
First, an e-mail message arrives and opens an additional
Internet Explorer window, initiating a connection to the
hacker’s Web site. Another script then switches off MS Word’s
built-in anti-virus protection — and the damage can begin.
Once the worm has gained access to MS Outlook it can send
out e-mail messages to all the addresses listed, with a
link to the rogue Web site. This means that the virus itself is
only ever presented on the remote site — and is not mailed
directly to users.
Zenkin said Davinia was evidence of an alarming trend, because
it showed that virus writers were moving away from the familiar
methods of penetrating computers by pretending to be
“Today, we see more and more malicious code exploiting security
breaches in different applications and operating systems. This
makes timely installation of security patches crucial for both
home and corporate users,” added Zenkin.
Kaspersky Lab., which has an office in the U.K. in Cambridge, carries
full details about Davinia and other viruses on its Virus
Encylopedia at viruslist.com.