The latest round of e-mailed worms is something called Goner. Like previous versions of its ilk, this is a worm that spreads itself using the Microsoft Outlook address book, sending an infected attachment to everyone you've got listed. But wait, there's more!
In addition to spreading itself by e-mail, Goner also opens up an ICQ session. (For those who don't use it, ICQ is an Internet chat client similar in function to AOL's Instant Messenger.) Once Goner starts an ICQ session, it looks for other ICQ users to contact, and then sends an infected attachment to the client on the other end. This new way of spreading is likely part of the reason Goner spreads so fast, making its way from Europe to the US in a matter of hours.
Once the Goner worm gets to your computer, it attempts to erase critical files from your antivirus program, and from your personal firewall. There are some reports that Goner also erases critical system files.
Goner is nasty, but not really nastier than most of the other similar worms that have been making the rounds lately. What's unique about Goner is its ability to initiate and spread through ICQ and to attempt to disable your personal firewall. The fact is, though, you shouldn't be caught by this one.
If you're still using Outlook as a client, surely you've disabled its ability to automatically open attachments. And, of course, you've trained your users NOT to manually open attachments of any kind, unless they're expecting them, and already know what the attachment contains…right?
The ability to spread through ICQ shouldn't be an issue in business. This is a tool that's used almost solely for recreational purposes, and it's unlikely to be installed in a business environment. You have checked your company's computers for such things, haven't you?
So, what's to worry about? There's always the bozo that brings an infected disk from home, and of course, there will always be those who ignore their training or the company rules, and run something like ICQ at work or open attachments. But for that, you've got your antivirus software.
Fortunately, the major antivirus vendors had their definitions updated almost instantly with this one, and if you've done your updates, and you're filtering e-mail as it downloads, you should be safe. Of course, you might sleep a little better if you dumped Outlook and used something else like GroupWise or Notes, or even a simple POP3 client such as Eudora. All of these are immune to Outlook worms and viruses.
If there was ever a good reason to keep your training and procedures updated, this worm is it. Making sure your employees know the right way to defend against worms such as Goner, and that they know how to keep their computers free of unauthorized software and their protection updated, will prevent problems with the Goner worm and with nearly every other piece of hostile software. All it takes is time and persistence.
