Anti-virus company Sophos has warned against alarmist responses to disparities between reported numbers of virus infections and the number of interceptions.
In the case of Swen (or Gibe), the latest worm masquerading as a Microsoft support mail, security firm iDefense reports that the number of actual infections is far higher than the number of reported interceptions. But Sophos distributor Netxactics advises users not to overreact.
"It is true that there is a false sense of security in some regions, but saying so without qualifying it may wrongly add to the fact that anti-virus software is already a grudge buy," says Netxactics CEO Brett Myroff.
He says no Sophos clients in SA have been infected. "If your anti-virus is up to date, you have adequate protection," he adds.
The numbers
iDefense states in a press release that a "worm Web counter", supposedly set up by the Swen attacker, "indicates more than 1.5 million infected computers in the first 24 hours", but only "20 000 interceptions", meaning there "may actually be several hundred thousand infected computers" worldwide.
The company further states that home users are under-represented when it comes to available public statistics, because Swen targets home users, meaning that "for every interception we locate, there are countless others that go undetected".
Fear and loathing
"There is a growing pool of computers worldwide that are regularly infected with viruses like Swen. These computers are often used to send out new viruses," the company states. It adds that once Swen infects a computer, "it goes to a remote Web site so that the attacker can track the success of the outbreak".
"Obviously those visiting the site, such as myself, were adding hits to the page so that skews the interpretation a bit," admit Ken Dunham, malicious code intelligence manager of iDefense and originator of the release.
Squeaky clean
Myroff stresses that no Sophos clients in SA have been infected. He agrees that in many parts of the world, it is reasonable to say people have a false sense of security. "But this is mostly true in countries where there is a high degree of software piracy and freeware use, meaning the lack of backup is more pronounced.
"If you have genuine software and are up to date, Sophos as well as most others will provide adequate protection."
Myroff says Sophos does not over-hype infections and the risk they pose, and pleads for a level-headed approach from users and trust in current technology.
Symantec Security Response has upgraded W32.Swen.A@mm to category 3, reports the company.
Related story:
Beware the fake security patch
Share
