The Code Red virus may have garnered all the headlines this past summer, but companies should also beware of the lower-profile Sircam worm. Designed to attack vulnerabilities in Microsoft Outlook, the worm will choose a file on local hard drives to infect and randomly send it off to unsuspecting recipients. Sircam is insidious — it sends itself out selectively and doesn’t do massive damage — but it can destroy files and slow performance.
The worm’s greatest damage might be done on peer-to-peer networks. Because client machines communicate without the intermediation of a central server, Sircam can rapidly hop from machine to machine until the entire network is completely infected. “It’s not that a peer-to- peer network is more vulnerable to a worm or a virus, but they certainly spread a heck of a lot faster,” says Mike Ellsworth, managing principal at Stratvantage, a business-to-business consulting firm with expertise in peer-to-peer networks.
The lack of central administration can make worms and viruses more difficult to banish from corporate networks because an IT staffer can’t simply hit the “off” button on the file server, stopping file access and transfer until the infection is localized and obliterated. “A number of common virus controls, such as knowing who the sender is or having a reasonable expectation that what you’re downloading is safe, are often absent from a peer-to-peer network,” says Ellsworth. For example, in the absence of file authentication, an employee viewing his or her peer-to-peer interface might see that a colleague has the latest version of a work proposal when it fact it is a virus disguising itself.
A debate rages as to whether antivirus software on desktop machines can thwart Sircam, although vendors claim that a postinfection cure is relatively easy. Nonetheless, a virus doesn’t need to be glamorous to do plenty of damage. This year 94 percent of companies said they had been hit by computer viruses in the past 12 months.