 |
| Was the worm named after a Woody Allen film? |
Sophos has reacted to Italian newspaper reports that a 39-year-old Italian man
has been charged with fraud and virus distribution in relation to
the Marq-A worm, also known as Zelig or Voltan.
The W32/Marq-A
email-aware worm, first seen in October 2003, directed innocent
computer users to a website where a malicious program posing as a
screensaver could be downloaded. If run, the worm would change the
phone number used for accessing the internet to a premium-rate
number based in Aruba in the Dutch Antilles. It is claimed that
more than 57,000 minutes were logged on the premium-rate number
amounting to an estimated £71,000 (104,000 Euros). If the virus had
been allowed to continue for a month, it is estimated over one
million Euros would have been collected.
The Italian financial police were able to freeze the money
accrued by the worm, which was first sent to a New York bank
account, then transferred via Venezuela before ending up in an
account belonging to a "ghost" company in Aruba.
Because the virus only communicated in Italian, it had little
effect on the rest of the world.
"Interestingly, Marq-A is one of only a few viruses which
attempt to make money. Many viruses cause severe disruption and
financial loss to companies worldwide, but offer no financial gain
to their author," said Carole Theriault, security
consultant at Sophos. "It is positive to see that authorities in
different countries can work together in order to prevent these
crimes. If cybercriminals believe that they can be traced and made
to pay for their actions, maybe they will think twice about
releasing their malicious code."
The Marq worm arrived in the form of an email with the subject
line "The moment is cathartic", written in Italian, directing users
to download what was claimed to be a screensaver called zelig.scr.
Flavio Oreglio, one of the stars of the Italian TV show "Zelig", is
the author of a book called "The moment is cathartic" and it is
suspected that this will have encouraged some Italian-speaking
people to download the malicious program.
Zelig is also the name of a 1980s Woody Allen film about a man
who travels through recent history, assuming a number of different
guises.
News of the charges in Italy comes as Microsoft announces that it is
prepared to pay up to $500,000 for information leading to the
arrest of people believed to be behind the destructive Sobig and
Blaster worms.
"A clear message is being sent out to the computer underground:
The authorities are prepared to pursue and punish you for the
crimes you commit on the internet," continued Theriault.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.