news

threat only applies to patronsof Gnutella.

'Magistr' wormshows no justice

The Kriz worm of 1999 hasbeen reincarnated as aworm/virus half-breed. Itsname is W32.Magistr andalthough it will not charmusers into opening it —unlike the prolific NakedWife or Anna Kournikovathreats — when launched itpacks a hefty punch. And it isin the wild now.

Magistr can infect via an E-mail attachment or throughshared resources on a LAN. Itspreads by collecting all of theE-mail addresses on a system —Outlook, Netscape Messengeror Internet Mail and News —and carries its own STMP han-dler to send itself out to all ofthese addresses.

It can overwrite all of the fileson a hard drive — with an abu-sive string — erase the CMOS,and destructively flash theBIOS, rendering an affectedmachine useless.

Eric Chien at Symantecexplained, "It is a polymorphicvirus which can infect throughE-mail and over the network.If you are infected with thisvirus, your computer is toast."

However, once a machine isincapacitated, then it cannotspread the virus. This mightexplain why MessageLabs hasintercepted only a handful ofcopies of the virus thus far —that's 350 times fewer thanAnna Kournikova in theequivalent period. Magistr ismoving slowly but strikinghard.

The worm is a 30KB attach-ment written in assembly

code. The infecting E-mailcan have any one of a selectionof court-related subject fields— in English, Spanish orFrench. It contains the ‘copy-right’ message: “ARF! ARF! IGOT YOU! v1rus: JudgesDisemboweler. by: The JudgesDisemboweler. writen inMalmo (Sweden).”

Steve Woollard at Utimaconeatly summed Magistr up as asymptom of the “seeminglyinevitable rise of the poly-morph”. He suggests that justtelling users not to click onattachments is simply not work-ing, and that sandboxing mightbe a more appropriate solution.

Conversely, Graham Cluleyfrom AV vendor Sophosclaims that the incidentstrengthens the argument forpracticing “safe computing”,whereby you do not openunexpected E-mails thatappear to be suspect (this isalso known as common sense),whilst ensuring that your anti-virus protection is kept up-to-date. He also recommendsthat companies block all EXEfiles at gateway level.

Magistr is causing consterna-tion amongst the anti-virus ven-dors. Kaspersky Labs has calledit “extremely dangerous”,Symantec says it is “extremelydestructive”, but Trend Microhas classified it as low risk.

The most comprehensive tech-nical appraisal of Magistr is atwww.kaspersky.com.

Schlumbergerbuys into wirelessmarket

Schlumberger has strength-ened its position in the

wireless space with the acqui-sition of mobile Internetcompany PCS Innovations(PCSI).

PCSI’s messaging gateway,MobileMAGIC, allows variousmobile devices to communicateregardless of the protocol orstandard running. It uses PKItechnology to secure communi-cations and Schlumberger willintegrate this functionality intoits SIM card.

The step was motivated bya need for “an edge in thecoming third-generationwireless data market,” saidStephane Legentil from thewireless services division atSchlumberger.

Contactless smartcards showcasedat CeBIT

OTI and Funge Systems havemade a strategic alliance,teaming up to create contact-less smart cards to facilitateM-commerce transactions.The technology was demon-strated for the first time at theCeBIT trade show inHanover.

The contactless technologyrequires a plug-in, in the formof a patented attachment,which can be applied to anexisting mobile phone.

The consumer uses theembedded smart card todownload funds over theexisting GSM network, andthen is immediately able tomake a transaction with awireless point of sale (POS).Funds are then deductedfrom the balance on thephone.

Most enabling applicationsfor M-commerce require a

plethora of phone calls, whichsometimes lead to prohibitivetransaction costs. However,this system does not requirethe consumer to make anyphone calls to complete atransaction, making low valuepurchases more practical. OTIsays that the revenue willinstead be generated fromongoing transaction fees, gen-erated through the use of thedevice and from the sale ofproducts.

The device contains amicroprocessor that enables itto manage a variety of applications such as loyaltyprogrammes and access control.

SmartTrust teamup with CMG inwireless space

Internet security firmSmartTrust has teamed upwith wireless messaging andbilling company CMG.They plan to bring securewireless transactions to mar-ket by creating a synergyfrom their existing tech-nologies.

The alliance anticipates thedevelopment of a user-friendlyinterface based on open XMLand PKI standards. It will sup-port WAP and SIM Toolkitmobile phones.

CMG’s marketing mansaid, “We will enable ourcustomers to take the lead inmobile commerce now ratherthan having to wait for thenew generation of mobilephones.”

See www.cmg-wireless.com orwww.smarttrust.com for furtherdetails.

4

Market News