1 February 2005

The worm that gurned - email virus pulls a funny face, Sophos reports

Gurning picture acts as diversion for malicious hack attack

Virus experts at Sophos have reported that a new worm demonstrates the ancient British art of gurning, the tradition of pulling a funny or scary face, as it infects computers.

The Wurmark-F worm spreads via email, pretending to be from addresses such as easy_lay666@lovenet.com, sexy_guy88@aol.com, and sexy_lil_thing@no-ip.com. Emails can have a variety of characteristics including:

If recipients open the attached ZIP file and launch the files contained inside (which can have names such as Sexy_09.jpg.scr, Photo_01.jpg.scr, is_this_you.jpg.scr, and love_04.jpg.scr) then they will be infected by the worm and a graphic of an elderly man gurning is displayed:

The image displayed by the Wurmark-F worm.
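A mail-gateway style check for the attachment naming described above, as an added example that is not part of the original Sophos report: it flags ZIP members whose names end in a harmless-looking extension followed by an executable one, such as `.jpg.scr`. The extension lists and function names are assumptions chosen for illustration, and the sample archives are constructed.

```python
import io
import zipfile

# Assumed lists for illustration; extend them to match local policy.
# .scr screensaver files are ordinary Windows executables.
EXECUTABLE_EXTS = {"scr", "exe", "pif", "com", "bat", "cmd"}
DECOY_EXTS = {"jpg", "jpeg", "gif", "bmp", "png", "txt", "doc", "pdf"}


def is_disguised_executable(name):
    """True if the file name ends in <decoy>.<executable>, e.g. Photo_01.jpg.scr."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    # Strip padding around each part ("x.jpg   .scr" pushes the real extension out of view).
    parts = [p.strip() for p in base.split(".")]
    return len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS and parts[-2] in DECOY_EXTS


def scan_zip_attachment(data):
    """Return names of disguised executables inside a ZIP attachment given as bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if is_disguised_executable(n)]


def should_quarantine(data):
    """Fail closed: quarantine on any hit, and also when the archive cannot be parsed."""
    try:
        return bool(scan_zip_attachment(data))
    except zipfile.BadZipFile:
        return True


def build_sample_zip(names):
    """Constructed sample input: a ZIP holding empty files with the given names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(["Sexy_09.jpg.scr", "pics/is_this_you.jpg   .scr", "holiday.jpg"])
    print(scan_zip_attachment(sample))
    print(should_quarantine(build_sample_zip(["holiday.jpg", "notes.txt"])))
```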

As the image is being displayed, the Wurmark-F worm installs the W32/Rbot-US network worm and backdoor Trojan horse. This malicious worm allows hackers to take remote control of infected computers, capture keystrokes and grab screenshots (creating opportunities for identity fraud), and even capture webcam footage of the unsuspecting user.

"At first glance some may think this worm is harmless, and be amused by its graphical payload, but it has the sinister intention of handing over control of your PC to remote hackers," said Graham Cluley, senior technology consultant for Sophos. "Unless computer users properly defend themselves with up-to-date anti-virus software, firewalls and security patches then they run the risk of having their PC exploited and their bank accounts emptied."

Sophos experts believe that the W32/Wurmark-F and W32/Rbot-US worms are evidence of a growing trend of more and more malware spying on innocent home computer owners and poorly-protected businesses.

"The simple fact is that organised criminals are more involved in virus-writing than ever before, and being more aggressive in their attempts to find new computers to infect and control," continued Cluley. "If you attach a new, unpatched computer to the internet, unprotected by proper firewalls and up-to-date anti-virus software, then it can easily be under the control of hackers within 10 minutes."

Sophos recommends that companies protect their email gateways with a consolidated solution to defend against viruses and spam. Businesses should also secure their desktops and servers with automatically updated protection.