New viruses work under cover of Nyxem

By Matt Whipp

Posted on 3 Feb 2006 at 16:42

With media coverage firmly focused on the world's Office files due to be smoked by the Nyxem worm today, other virus writers have been busy while the heat is off.

Firstly, UK security company Sophos says that a new and as yet unnamed virus has brought the Russian stock exchange to its knees late yesterday. The Russian Trading System (RTS) stock exchange confirmed: 'On February 2, 2006, a computer virus attack forced a suspension of trading on the RTS FORTS futures market, classic market and the stock exchange.'

The exchange is back up and running and it is claimed that no data has been stolen. The attack was initiated with the infection of a single PC, which suddenly began creating enormous amounts of outgoing email traffic, affecting the email traffic of the rest of the exchange.

Secondly, Danish security company Softscan says it has intercepted several thousand copies of new Bagle variants. Two variants were released within hours of each other last night.

'This tactic is obviously carefully prepared,' says Bo Engelbrechtsen, corporate communications manager of SoftScan. 'From previous experience it is evident that someone is trying to target widespread infections of Bagle whilst everyone's attention is diverted to Nyxem, including the anti-virus firms.

'Taking advantage of users that are concentrating on avoiding one infection, only to be caught out by another seems to be his speciality.'