Yui Kee Co. Ltd. Press Release For immediate release
15 November, 2000

Yui Kee Warns that Navidad Worm is spreading through e-mail in Hong Kong

15 November 2000, Hong Kong: The Navidad worm which has recently been spreading around the world has now been confirmed at several sites in Hong Kong. Navidad was first seen by some anti-virus companies over two weeks ago, and all the major developers have released updates to detect it. However, it has continued to spread and there are reports from many countries:

Korea, Norway, France, Canada, Luxembourg, Australia, UK, Peru, USA, Panama, Brazil

Navidad uses Microsoft Outlook to reply to messages in the victim's inbox, sending itself as an attachment called NAVIDAD.EXE. The recipient therefore sees a reply to a message they sent, and might therefore be tempted to open it, infecting themselves. Allan Dyer, Chief Consultant of Yui Kee Computing Ltd. commented, "It is not enough to say, 'don't open untrusted attachments' because people do often trust the people they are e-mailing and worms like Navidad exploit this. Users should practice Safe Hex to protect themselves." The Safe Hex guidelines can be found at:

http://www.sophos.com/virusinfo/articles/safehex.html

Dyer continued, "The spread of Navidad shows that many users and companies have returned to complacency as the memory of LoveLetter fades. Users should always be cautious about opening attachments, and companies should be keeping their anti-virus software updated regularly, either of these would have stopped Navidad spreading." Most anti-virus software can be configured to automatically download updates from the Internet, and distribute them within a company. Vendors will be happy to advise companies on the best configuration for their needs.

Dyer also offered some congratulations, "Anti-virus is an area where failures are headline news, and successes go unnoticed. However, some companies have avoided infection by Navidad. I would encourage the managers in those companies to check why, give the IT staff a pat on the back, and encourage them to continue their vigilance."

Removal of Navidad, and correction of the changes it makes is not totally straightforward, Users of infected machines should refer to the detailed instructions of their anti-virus vendor, or their technical support. Full technical descriptions are available at:

http://www.sophos.com/virusinfo/analyses/w32navidad.html
http://www.f-secure.com/v-descs/navidad.shtml
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NAVIDAD.A&VSect=T
http://www.sarc.com/avcenter/venc/data/w32.navidad.html

About Yui Kee

Yui Kee Computing Ltd. is a leading vendor of security solutions and security services in Hong Kong, and a Data Fellows Certified Anti-virus Centre. Yui Kee Computing was established in 1993 and services the security needs of all sizes of customers, from home users, through companies to major banks and government departments. Yui Kee Computing provides Anti-Virus and Data Security Consultancy, Training and Project Management Service, and is the top reseller of Anti-Virus Software with support.

For further information, please contact

Hong Kong:
Yui Kee Co. Ltd.
Mr. Allan Dyer, Technical Director
Tel: +852 28708555
Fax: +852 28736164

or visit the Yui Kee web site at http://www.yuikee.com.hk/