We noticed you're blocking ads.

Keep supporting great journalism by turning off your ad blocker.

Questions about why you are seeing this? Contact us

Font Size

- Aa +

Wed 2 Oct 2002 04:00 AM

Font Size

- Aa +

Multi-component virus gathers steam

Kaspersky Labs has detected a new Internet worm called Tanatos that spread via e-mail attachments and local area networks (LANs).

Russia based-Kaspersky Labs has detected a new Internet worm called Tanatos. Spread via e-mail and local area networks (LANs), the worm is a 50K/byte Windows attachment that is written in Microsoft Visual C++ and arrives compressed by the UPX compression utility.According to Kaspersky Labs, the fact that Tanatos is spreading via e-mail attachment files with differing headings, body texts, file attachment names and even formats, makes it harder to identify infected e-mail messages from their external properties. “Infected messages consistently have plain text or HTML format. With the plain text version users must actively open the attached file, thereby letting the worm loose. With the HTML version, after the worm arrives in the inbox of potential victims, Tanatos waits for its e-mail message to be read, for example, in the preview window. Once this occurs, by exploiting the "IFRAME" vulnerability in theWindows Explorer's security system, it secretly launches itself and infects the machine,” says Denis Zenkin, Head of Corporate Communications ofKaspersky Labs. To spread over local area networks, the Tanatos worm goes through all network access resources and searches for the Windows system auto-run directory, where it copies itself so that it will execute the next time the infected computer is booted. This function can only work if there is a general write permission enabled for the directory. After activation, Tanatos registers itself in the system registry auto-run key so that its malicious code will activate each time Windows is booted.Kaspersky Labs says that potential victims of Tanatos are computers hosting the Klez worm, as both worms exploit the "IFRAME" vulnerability. "When taking into account the fact that Klez, to this day, still maintains first place in the list of most widespread virus programs, it is possible to expect Tanatos to do its share of damage as well", says Zenkin.

Arabian Business: why we're going behind a paywall

For all the latest business news from the UAE and Gulf countries, follow us on Twitter and Linkedin, like us on Facebook and subscribe to our YouTube page, which is updated daily.
Real news, real analysis and real insight have real value – especially at a time like this. Unlimited access ArabianBusiness.com can be unlocked for as little as $4.75 per month. Click here for more details.

Read next