osforge.com

Several antivirus firms are warning about Gokar, a new worm that uses Internet relay chat application mIRC and Microsoft Outlook to propagate. Early reports suggest the worm originated in Asia overnight.

The use of mIRC makes the worm stand out from the crowd, Craig Coward, a spokesman for F-Secure, told Newsbytes, as well as its ability to disguise itself using random attachment and subject names.

"F-Secure has issued a level-two alert about the worm," he said. Level two, one of three alert levels, means the virus is active in the wild and is technically sophisticated.

Like the Goner worm that spread earlier this month, Gokar is security software-aware and actively seeks to disable antivirus applications from most popular vendors.

The Asian office of Trend Micro, which appears to be the first antivirus firm to have issued a customer warning, says the virus executes on Win 95/98/NT/2000 and ME platforms and is 14,336 bytes long. The worm is detectable, the company adds, by the presence of a file called karen.exe in the main Windows directory.

Trend says that, if the infected machine is working as a Web server, the worm will modify the Microsoft IIS starting page to offer Web.exe as a downloadable file to all visits to the Web site.

F-Secure's Web site is at http://www.f-secure.com .

Trend's Web site is at http://www.antivirus.com .

Reported by Newsbytes.com