Sophos has reported that the new Gruel worm (W32/Gruel-D), the latest
in a number of variants of the worm - which poses as a critical
security patch from Microsoft - actually attempts to launch a
double edged attack on the Windows operating system. In addition to
attacking the Windows installation, the worm displays a message
abusing the Microsoft operating system.
The worm, which arrives with the email subject line 'Microsoft
Windows Critical Update', claims to include patches for the latest
security vulnerabilities. However, if the attached file is opened,
a fake message box can appear berating the Windows operating system
in a lengthy tirade. Insults include: 'Windows sucks...Windows has
always sucked...It's a scam and Capitalism Sucks! Communism
Sucks'.
"Judging by his lengthy rant, the author of Gruel seems to
either have taken one conspiracy pill too many or has the most
enormous chip on his shoulder," said Graham Cluley, senior
technology consultant for Sophos Anti-Virus. "Gruel is the latest
in a line of viruses to have pretended to have come from Microsoft,
in an attempt to trick unsuspecting users into running them. But it
goes one step further by displaying a scathing attack on the
Windows operating system claiming it is a scam to fleece computer
owners."
"Patching computers against critical vulnerabilities makes sense
- but patches should be downloaded directly from the vendor's
website, rather than from an unsolicited email," continued
Cluley.
When executed, the Gruel worm sends itself to all the user's
email contacts, disables many Windows features - including task
manager, logoff, shutdown, lock computer and change password - and
also deletes many files in the Windows system folder.
The arrival of the Gruel worm coincides with genuine
announcements from Microsoft of several serious new security flaws
found in its operating systems software.
Sophos reminds users to be wary of unsolicited files and that
Microsoft never distributes security patches via email. To update
systems against Microsoft flaws, users and system administrators
should visit the relevant area of Microsoft's website at www.microsoft.com/security.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.