Your Peace of Mind is our Commitment

Contact Us English Recent Articles

Yui Kee Warns that Navidad Worm is spreading through e-mail in Hong Kong

First published: 15th November 2000

15 November 2000, Hong Kong: The Navidad worm which has recently been spreading around the world has now been confirmed at several sites in Hong Kong. Navidad was first seen by some anti-virus companies over two weeks ago, and all the major developers have released updates to detect it. However, it has continued to spread and there are reports from many countries:

Korea, Norway, France, Canada, Luxembourg, Australia, UK, Peru, USA, Panama, Brazil

Navidad uses Microsoft Outlook to reply to messages in the victim's inbox, sending itself as an attachment called NAVIDAD.EXE. The recipient therefore sees a reply to a message they sent, and might therefore be tempted to open it, infecting themselves. Allan Dyer, Chief Consultant of Yui Kee Computing Ltd. commented, "It is not enough to say, 'don't open untrusted attachments' because people do often trust the people they are e-mailing and worms like Navidad exploit this. Users should practice Safe Hex to protect themselves." The Safe Hex guidelines can be found at:

http://www.sophos.com/virusinfo/articles/safehex.html

Dyer continued, "The spread of Navidad shows that many users and companies have returned to complacency as the memory of LoveLetter fades. Users should always be cautious about opening attachments, and companies should be keeping their anti-virus software updated regularly, either of these would have stopped Navidad spreading." Most anti-virus software can be configured to automatically download updates from the Internet, and distribute them within a company. Vendors will be happy to advise companies on the best configuration for their needs.

Dyer also offered some congratulations, "Anti-virus is an area where failures are headline news, and successes go unnoticed. However, some companies have avoided infection by Navidad. I would encourage the managers in those companies to check why, give the IT staff a pat on the back, and encourage them to continue their vigilance."

Removal of Navidad, and correction of the changes it makes is not totally straightforward, Users of infected machines should refer to the detailed instructions of their anti-virus vendor, or their technical support. Full technical descriptions are available at:

http://www.sophos.com/virusinfo/analyses/w32navidad.html
http://www.f-secure.com/v-descs/navidad.shtml
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NAVIDAD.A&VSect=T
http://www.sarc.com/avcenter/venc/data/w32.navidad.html