29 November 2002
Are CEOs bad for your company's data?
Sophos researchers have advised computer users hit by the W32/Winevar-A worm to double-check their computer's file associations after cleaning up their infection.
One of the interesting payloads of W32/Winevar-A is that it changes file associations so that all files ending .CEO are treated as if they are executable. This means a future virus could transmit itself amongst Winevar victims in the form of a .CEO file.
"Many users who are naturally suspicious of a .EXE or .VBS file may think a .CEO is safe," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "When you clean up after a virus infection it's important not just to remove the virus but to patch any other vulnerabilities it may have inserted for possible future exploitation."
The W32/Winevar-A worm has a number of payloads, including attempting to disable anti-virus programs and - in some circumstances - deletion of all files on the user's hard drive.
Users who have deployed Sophos MailMonitor for SMTP's threat reduction technology can proactively block any Windows executable code from entering their organisation, regardless of the file's extension.
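The file-association check advised above, as an added example that is not part of the original Sophos article: it reads the text of a registry export of HKEY_CLASSES_ROOT and lists any extension other than the standard ones that is mapped to an executable file class. It assumes the association was changed by pointing the extension at a class such as `exefile` (the article does not say how the worm makes the change); the function names and the sample export are constructed for illustration.

```python
import re

# Default Windows mappings from extension to executable file class (ProgID).
EXPECTED = {".exe": "exefile", ".com": "comfile", ".bat": "batfile",
            ".cmd": "cmdfile", ".pif": "piffile", ".scr": "scrfile"}
EXECUTABLE_PROGIDS = set(EXPECTED.values())

# Matches top-level extension keys only, not subkeys such as .exe\PersistentHandler.
KEY_RE = re.compile(r"^\[HKEY_CLASSES_ROOT\\(\.[^\\\]]+)\]$", re.I)
DEFAULT_RE = re.compile(r'^@="(.*)"$')  # the key's default value

def parse_associations(reg_text):
    """Return {extension: ProgID} from the text of a .reg export."""
    assoc, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = m.group(1).lower() if m else None
        elif current:
            m = DEFAULT_RE.match(line)
            if m:
                assoc[current] = m.group(1)
    return assoc

def suspicious_associations(reg_text):
    """List (extension, ProgID) pairs where a non-standard extension runs as a program."""
    findings = []
    for ext, progid in sorted(parse_associations(reg_text).items()):
        if progid.lower() in EXECUTABLE_PROGIDS and EXPECTED.get(ext) != progid.lower():
            findings.append((ext, progid))
    return findings

# Constructed sample export (assumption: .ceo re-pointed at exefile).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\.txt]
@="txtfile"

[HKEY_CLASSES_ROOT\.ceo]
@="exefile"

[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"
'''

if __name__ == "__main__":
    for ext, progid in suspicious_associations(SAMPLE):
        print(f"{ext} is handled as {progid}: review and remove this association")
```

Exports written by regedit are normally UTF-16, so decode the file to text before passing it to `suspicious_associations`.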

