Gruel worms launch cruel attack on Microsoft, Sophos Anti-Virus says beware

July 18, 2003 Sophos Press Release

Sophos has reported that the new Gruel worm (W32/Gruel-D), the latest of several variants of a worm that poses as a critical security patch from Microsoft, attempts to launch a double-edged attack on the Windows operating system. In addition to attacking the Windows installation, the worm displays a message abusing the Microsoft operating system.

The worm, which arrives with the email subject line 'Microsoft Windows Critical Update', claims to include patches for the latest security vulnerabilities. However, if the attached file is opened, a fake message box can appear berating the Windows operating system in a lengthy tirade. Insults include: 'Windows sucks...Windows has always sucked...It's a scam and Capitalism Sucks! Communism Sucks'.

"Judging by his lengthy rant, the author of Gruel seems to either have taken one conspiracy pill too many or has the most enormous chip on his shoulder," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "Gruel is the latest in a line of viruses to have pretended to have come from Microsoft, in an attempt to trick unsuspecting users into running them. But it goes one step further by displaying a scathing attack on the Windows operating system claiming it is a scam to fleece computer owners."

"Patching computers against critical vulnerabilities makes sense - but patches should be downloaded directly from the vendor's website, rather than from an unsolicited email," continued Cluley.

When executed, the Gruel worm sends itself to all the user's email contacts, disables many Windows features - including task manager, logoff, shutdown, lock computer and change password - and also deletes many files in the Windows system folder.

The arrival of the Gruel worm coincides with genuine announcements from Microsoft of several serious new security flaws found in its operating systems software.

Sophos reminds users to be wary of unsolicited files and that Microsoft never distributes security patches via email. To update systems against Microsoft flaws, users and system administrators should visit the relevant area of Microsoft's website at www.microsoft.com/security.