Sex movie worm spreads worldwide
- 10 September 2010
- From the section Technology
A booby-trapped e-mail that promises free sex movies is racking up victims around the world, warn security firms.
Some variants of the Windows worm contain a link to PDF that a recipient has been told to expect.
Those clicking on the link get neither movies nor documents but give the malware access to their entire Outlook address book.
When installed, the worm sends copies of itself to every e-mail address it can find.
The malicious e-mail messages have a subject line saying "Here you have" and contain a weblink that looks like it connects to a PDF document. Instead it actually links to a website hosting the malware.
Once it is installed, the worm tries to delete security software so it remains undetected.
As well as spreading via e-mail, the worm also tries to find victims by looking for open net links from infected PCs and exploiting the Windows Autorun feature on USB drives and other attached media.
Although not widespread, reports suggest that some corporations were hit hard by it. Nasa, AIG, Disney, Procter & Gamble and Wells Fargo were all reported as struggling to contain an outbreak of the worm.
At these firms, e-mail inboxes were flooded with hundreds of copies of the e-mail messages bearing the malicious link.
Efforts to contain the virus were aided late on 9 September when the website hosting the worm was shut down. However, security firms expect new variants of the worm to turn up.
Security firm Kaspersky said the worm had some similarities to viruses such as the ILoveYou bug by exploiting Outlook address books.
"The difference with those earlier attacks is that the e-mails typically carried the malicious file itself and didn't rely on a link to a downloading site," wrote Dennis Fisher in an analysis on the Kaspersky Threat Post blog.
"But the technique used to entice users to click on the attachment or malicious link is the same: offer the user something he wants to see," he wrote.