A new strain of the Rinbot virus -- unusual in that it targets Symantec's antivirus program instead of Microsoft software -- has infiltrated CNN's network, the news organization reported. Other large corporate networks may still be in danger of attack, but there is no cause for panic, according to Graham Cluley, senior technology consultant with IT security firm Sophos.
A new computer virus targeting antivirus vendor Symantec's (Nasdaq: SYMC) security software has hit a division of at least one big U.S. corporation this week and is still considered a threat to other networks.
The virus, which has reportedly infested CNN and its parent company Turner Broadcasting System, is the latest strain of the Rinbot computer virus, which hijacks network systems and takes control of computers remotely.
It appears to be deliberately targeting weaknesses in Symantec's antivirus software.
Story Overblown?
The Rinbot virus has been floating around in the wild for more than a week, said Graham Cluley, senior technology consultant with Boston-based IT security firm Sophos, but it didn't receive much attention until it hit CNN, which ran a story about the attacks.
"We believe it is the latest strain of the 7th version of Rinbot, which first emerged in March 2005," Cluley told TechNewsWorld. However, he believes the CNN story regarding the virus has caused an unnecessary panic.
"That made everyone think it is a much bigger deal than it was," said Cluley.
Virus Variant
The latest variant of the worm is designed to exploit security vulnerabilities embedded in Symantec's antivirus software, according to Cluley. After a system is affected, the virus quickly spreads and takes over computers with the intention of turning the network into a botnet, or "zombie" network.
"Traditionally, hackers have gone after Microsoft's (Nasdaq: MSFT) antivirus programs," said Cluley, "but now they're increasingly targeting other commonly used programs such as Symantec programs and others."
Back Door
The Rinbot worm opens a back door in affected networks and connects to an IRC (Internet relay chat) server, allowing an attacker to send commands.
The worm spreads using known vulnerabilities in Symantec's antivirus software, which the security company says it has since patched.
Once it sneaks through a back door, it targets MS SQL servers, Cluley said, searching for networks that run Microsoft Windows operating systems, including Windows 95, Windows 98, Windows 2000, Windows Me, Windows NT and Windows XP.
The virus then spreads through the network by manipulating weak spots such as simple passwords, according to Cluley.
Avoiding the Hassle
Companies can avoid the consequences of a virus attack by completely updating their antivirus software, said Cluley. However, he conceded that isn't as easy as it sounds.
"If you have the latest security patches in place, it shouldn't have an impact," he said. "However, life isn't always that simple. Rolling out patch across a whole enterprise can be tough."
Symantec Offers Five-in-One Security Bundle February 26, 2007
Symantec's newly released Norton 360 security product, which provides antivirus, antispyware, antiphishing and other common security protections, can be loaded on up to three computers. Norton 360 is touting the comprehensive PC package as both simple to install and easy to use.
Related Stories
2007 Security Threats on the Rise January 10, 2007
With the new calendars freshly hung on the wall, an important question surfaces: What security threats are on the rise for 2007? It appears that the year will bring more narrowly defined threats or "targeted threats," which are different from what we've seen before. They are more focused on individual information as opposed to mass-mailing worms that are sent over the Internet to randomly infect victims.
'Happy New Year' Worm Spawns Computer Zombies December 29, 2006
Verisign is warning of a new worm that travels via e-mail with the subject "Happy New Year!" Users who open an attached executable file trigger installation of several different malicious code variants on their computers, which then execute mass mailings. The worm, which is already being heavily spammed, is being sent via over 160 domains, the security company said.
Security Hole in Microsoft Word Threatens Millions December 07, 2006
"Users, home and corporate, need to understand that even if an e-mail appears to come from someone they know, it may not have actually been sent by that person," warned Randy Abrams, director of technical education at ESET. "Attachments that are not asked
for or expected should not be opened prior to confirming with the sender that they actually did send the attachment and why."
Related News Alerts
More by Tim Gray
Blockbuster Lowers Subscriptions Rates June 13, 2007
Blockbuster will now offer a new plan allowing customers to place online orders to rent three movies at a time for $16.99, a dollar less than its previous top-tiered offering, called Total Access. The movies are mailed to the customer. Blockbuster is losing money on the online business but says it will be profitable next year as orders rise.
Toshiba Slashes HD DVD Sales Targets June 12, 2007
Toshiba now expects to sell 44 percent fewer HD DVD players than forecast this year. The slump comes at a critical time for the company, as the market still has not shown which high definition disc player format will dominate. Blu-ray Disc technology, rival of the HD DVD format, already has a foothold in 170 major companies.
Jobs: We Also Make Computers June 12, 2007
Apple provided at its annual developer conference a peek at some of the 300 new features of "Leopard," the company's latest operating system, which is slated for October release. The computer maker will also make its Safari Web browser available for users of Microsoft's Windows operating system.
Headline Feeds
Talkback: 
