The spread of the Prolin worm through New Zealand organisations is a reminder of the danger of opening unsolicited email attachments, says the Australasian head of UK anti-virus software company Sophos.
Richard Baldry, who is based in Sydney, says organisations should reinforce the message to users to leave attachments alone.
Baldry says while Prolin has been making an impact in the past week, Navidad is proving a more persistent and damaging virus, and is top of Sophos's list of active viruses.
"Prolin is a 'one-hit' worm. It activates when you double-click on the attachment, but only then. Navidad inserts copies of itself onto your hard disk and modifies registry entries so that the worm gets executed quite regularly and stays on the system after the initial infection," Baldry says.
"Prolin sends itself only to the top 50 entries in the outlook address book, like Melissa. Navidad attempts to send itself to anyone who sends you a message.
"All these kinds of email worms require the user to double-click on the attachment to spread. They therefore need to find some way of enticing the user to do this.
Baldry says Prolin is interesting because "it is a hugely misguided attempt at pro-Linux advocacy", and it uses the Shockwave icon to make it look like a genuine Shockwave Flash movie.
He predicts it will quickly fizzle out.
Local organisations hit by Prolin include internet service provider Xtra and the Auckland public relations company for anti-virus maker Symantec, Botica Conroy & Associates (which sent numerous copies to Computerworld).