Worm Variants Wriggle Onto the Scene
Dr Solomon’s Software, the current publisher of Virex, an anti-virus utility, announced two Virex updates in quick succession last week. These new versions find and remove two newly discovered variants of the AutoStart 9805 worm, originally reported in "AutoStart Worm Breaks Mac Malware Silence" in TidBITS-428.
Dr Solomon’s says the variants replace previous versions of the worm, if found, and each uses different filenames from those used by the original AutoStart 9805 worm, making them harder to find. AutoStart 9805-B doesn’t restart the computer, as do the others, and AutoStart 9805-C doesn’t directly damage files. Also, the B variant targets different kinds of data files than the original for its damaging sweeps.
TidBITS has heard of several freeware utilities designed to combat the AutoStart 9805 worm. Because these utilities fail to spot the new variants during scans, we can’t recommend their use. Instead, we encourage all TidBITS readers to contact the publishers of their favorite commercial anti-virus utilities for an update. Remember that outdated anti-virus software is next to useless, and although the AutoStart 9805 worm initially appeared in Hong Kong, we’ve heard reports of it surfacing in the U.S. as well. If nothing else, make sure to disable the CD-ROM AutoPlay option in the QuickTime Settings control panel.