
By Joel Deane
Posted on ZDNet News: Jun 5, 1999 12:00:00 AM

Anti-virus companies said Friday that W32/PrettyPark, a new e-mail worm program with Trojan horse characteristics, poses a potentially high risk to Internet users on Windows-based systems.

Although assessments of PrettyPark's capabilities vary, and damage reports are sketchy, anti-virus firms advised Friday that users update their anti-virus programs to guard against the worm/Trojan, which was discovered as early as May 12.

Anti-virus company Panda Software said PrettyPark, which is also known as Pretty Worm, reaches users' computers as an attached file in an e-mail message, just like the Melissa virus. Once executed, PrettyPark installs itself in the infected system, then sends messages with an attached copy of itself to addresses listed in the Windows Address Book.

Panda said PrettyPark attempts to connect to an Internet relay chat server from a list of 13 possible servers, then send a message to a chat user -- enabling its author to gather data on and monitor affected workstations. PrettyPark can then be manipulated as a Trojan horse, Panda said, to obtain data such as the list of available disks and confidential information such as logins and Internet connection passwords.

Panda Software U.S. executive director Pedro Bustamante said Friday his company had replicated the "potentially high risk" worm/Trojan in its European anti-virus lab. "It could potentially be very high risk," Bustamante said. "The interesting thing about this new Trojan is that, unlike Melissa, it doesn't send itself once; it sends itself every 30 seconds."

Trend/Micro, Symantec (Nasdaq:SYMC) and Network Associates (Nasdaq:NETA) reported Friday that they have been unable to duplicate PrettyPark. In a virus alert, Network Associates said PrettyPark was low risk.

'Can't confirm auto-spam'
Trend/Micro director of technology Dan Schrader said the anti-virus company's customers had reported PrettyPark's auto-spamming, but that the company "can't confirm the auto-spamming function."

"We've seen 40 incidents in the last 48 hours. All the incidents so far have been in France," said Schrader, adding that PrettyPark was similar to the notorious Happy 99 executable that struck earlier this year.

Schrader said PrettyPark has the potential to spread widely -- if it can in fact automatically send itself to everyone in a user's address book. But, because Trend/Micro has been unable to replicate this auto-spam capability, and because it so far seems to be centered in France, Trend/Micro suspects that someone may have spread it by hand.

Symantec, Trend/Micro, Panda and Network Associates have all posted anti-virus updates to cover PrettyPark.

Luke Reiter, CyberCrime, contributed to this report.
