Computer worm attacks British Prime Minister Tony Blair, reveals Sophos Anti-Virus

September 04, 2003 Sophos Press Release

Sophos has detected a new internet worm which, when run, launches a scathing attack on British Prime Minister Tony Blair and attempts to knock the Downing Street website off the internet.

The Quaters worm (W32/Quaters-A) displays a message accusing Blair of wasting taxpayers' money on illegal immigrants rather than investing in the National Health Service or schools.

The worm overwrites files on the user's computer with the text "Infected by the WIN32.SORT-IT-OUT-BLAIR Virus!" and can display the following message:

"Dear Tony Blair,
Why are you spending all our taxes on illegal immigrants!?! How about you stop worrying about other countries and worry about ours??? Stop spending money on immigrants and spend it on things like OAP's who fought to keep this country free but are now getting treated worst than illegal immigrants! How about spend a little money on the NHS or the education system!?! Think about it Mr Blair. Your career depends on it. We've had enough."

The Quaters worm spreads via email, using a variety of subject lines relating to account information, and via internet chat systems, posing as an attempt to break an internet chain mail world record. The worm also attempts to launch a denial of service attack against www.number-10.gov.uk, the website of the Prime Minister's official residence at 10 Downing Street, London.

"Tony Blair is having enough problems with his chief spin doctor resigning and the Hutton Inquiry, without having an axe-grinding British virus writer causing mischief too," said Graham Cluley, senior technology consultant, Sophos Anti-Virus. "It's not the first time that viruses have included a political message. Previous worms have highlighted the friction between India and Pakistan and other world leaders such as Bill Clinton have been attacked in the past. Former Prime Minister Margaret Thatcher suffered in the 1990s from the Fu Manchu virus which replaced her name with an expletive whenever it was typed."

Sophos says there have been few reports of the Quaters worm in the wild, but reminds users that a safe computing policy and up-to-date anti-virus software will nullify the risk of infection. Sophos recommends that companies set policies at their email gateway about whether their users can receive executable code from the outside world.