 |
| The Cycle worm protests about life in Iran |
Sophos virus analysts have discovered a computer worm which
spreads a message from its author about life in Iran.
The W32/Cycle-A
worm, which searches for computers vulnerable to the same Microsoft
security vulnerability as the Sasser worm, drops a message
on the hard drives of infected computers complaining about the
quality of life in Iran.
The message dropped by the worm in the form of an ASCII text
file is signed by the author who calls himself "Cyclone", and
complains that European governments are supporting the regime in
Tehran, because of the war in neighbouring Iraq.
"Whether you agree or not with the message Cyclone has put
inside his worm, writing and distributing a virus is not a
responsible way to make your case," said Graham Cluley, senior
technology consultant for Sophos. "This is just the latest in a
long list of politically-motivated viruses - all of them have
failed to realise that computer users want to choose what runs on
their PC, rather than let a virus or worm run riot across their
systems, regardless of its political intentions."
The security vulnerability exploited by the Cycle worm was first
patched by Microsoft on 13 April 2004 in Microsoft Security
Bulletin MS04-011.
Sophos recommends that every IT manager responsible for security
should consider subscribing to vulnerability mailing lists such as
that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.
Home users of Microsoft Windows can visit windowsupdate.microsoft.com to have their
systems scanned for critical Microsoft security
vulnerabilities.
Other viruses which have spread a political message:
W32/Zafi-A
Displays a message calling for Hungarian patriotism, timed to
coincide with the country joining the European Union.
W32/Quaters-A
Launches a scathing attack on British Prime Minister Tony Blair and
attempts to knock the Downing Street website off the internet.
W32/Colevo-A
Redirects the web browsers of infected computers to a variety of
pictures of Evo Morales, leader of the Bolivian coca leaf growers'
union and runner-up in 2002's presidential elections.
W32/Vote-A
Calls for a vote on whether America should go to war against the
followers of Islam.
W32/Yaha-Q
Apparently written in response to attacks on Indian websites, this
worm not only attempts to launch a denial of service attack against
five Pakistani websites, but also contains a number of inflammatory
messages directed at Pakistani hackers.
W32/Yaha-E
Launches a denial-of-service attack against a Pakistani government
website.
Mawanella worm (also known as
VBS/VBSWG-Z)
Displays a message describing the burning down of two mosques and
one hundred Muslim-owned shops in Mawanella, Sri Lanka.
Injustice
worm (also known as VBS/Staple-A)
Opens a number of pro-Palestinian websites and describes the
alleged murder of a 12-year-old Palestinian child at the hands of
Israeli soldiers. In addition, the worm spams itself to members of
the Israeli government.
W32/Caric-A
Poses as a cartoon screensaver of former US President Bill Clinton
playing the saxophone. An item of female underwear emerges from the
bottom of the instrument.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.