The worm launches a denial-of-service attack against Chechen separatist websites, such as kavkazcenter.com.
Experts at Sophos have discovered that an email-aware virus,
disguised as a nude glamour model, is designed to launch a series
of denial-of-service attacks on websites run by Chechen rebel
separatists.
The W32/Maslan-C worm spreads
via email with an attached file called Playgirls2.exe. Recipients
who run the attached file and become infected can pass the virus
onto other email users, and can become unwitting participants in
the distributed denial-of-service attacks.
A typical email sent by the worm reads as follows:
Subject line: 123
File attachment: Playgirls2.exe
Message body:
Hello <random name>,
--Best regards,
<random sender name>
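A mail-gateway check built from the indicators in the sample email above, as an added example that is not Sophos's own code or detection signature. The RISKY_EXT list, the verdict rule and the sample() helper are assumptions made for illustration, and every message it runs on is constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the sample email in the advisory.
SUBJECT, ATTACHMENT = "123", "playgirls2.exe"
RISKY_EXT = (".exe", ".scr", ".pif", ".com")  # assumption: renamed-variant guard

def attachment_names(msg):
    """Lower-cased filenames of every MIME part, nested parts included."""
    names = (part.get_filename() for part in msg.walk())  # decodes RFC 2231 names
    return [n.strip().lower() for n in names if n]

def matches_template(msg):
    """True for a 'Hello <name>,' opening followed by a 'Best regards' line."""
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part is not None else ""
    lines = [l.strip().lower() for l in text.splitlines() if l.strip()]
    return (len(lines) >= 2 and lines[0].startswith("hello ")
            and any(l.lstrip("- ").startswith("best regards") for l in lines[1:]))

def classify(raw_bytes):
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    names, reasons = attachment_names(msg), []
    if ATTACHMENT in names:
        reasons.append("attachment-name")
    elif any(n.endswith(RISKY_EXT) for n in names):
        reasons.append("executable-attachment")
    if (msg["Subject"] or "").strip() == SUBJECT:
        reasons.append("subject")
    if matches_template(msg):
        reasons.append("body-template")
    if "attachment-name" in reasons:
        return "block", reasons
    # Subject and greeting are too generic to act on without an executable attached.
    if "executable-attachment" in reasons and len(reasons) >= 2:
        return "quarantine", reasons
    return "pass", reasons

def sample(subject, body, filename=None):
    """Build a constructed test message (not a captured worm sample)."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(body)
    if filename:
        m.add_attachment(b"MZ", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

The greeting and sign-off also match ordinary business mail, so on their own they produce a "pass" verdict; only the attachment name, or an executable attachment combined with another indicator, triggers action.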
The virus waits until the first day of every month and then
launches a denial-of-service attack that is intended to swamp the
targeted websites with internet traffic and is capable of blasting
the sites off the internet. The targeted websites are all connected
with the Chechen rebel movement:
www.chechenpress.com
www.chechenpress.info
www.kavkaz.org.uk
www.kavkaz.tv
www.kavkaz.uk.com
www.kavkazcenter.com
www.kavkazcenter.info
www.kavkazcenter.net
This is far from the first time the Chechen separatist websites
have been in the news. Just two weeks ago, the Russian Foreign
Ministry asked their Lithuanian counterparts for an explanation as
to why the websites - run by separatists in Lithuania - had resumed
activity.
"These websites play a key role in the propaganda war between
the Chechen rebels and the Kremlin," said Graham Cluley, senior
technology consultant for Sophos. "Clearly whoever has written this
virus wants to make it harder for the Chechen separatists to
publish information about their cause on the internet. Whether you
agree with the worm's intention or not, spreading a virus which
infects innocent computers and launches attacks against websites is a
criminal act."
Although there have only been a small number of reports of the
Maslan-C worm, Sophos recommends computer users ensure their
anti-virus software is up-to-date, and that companies protect
themselves with a consolidated solution
which can defend them from the threats of both spam and
viruses.
Other viruses which have spread a political message:
W32/Cycle-A
Complained about the quality of life in Iran.
W32/Zafi-A
Displays a message calling for Hungarian patriotism, timed to
coincide with the country joining the European Union.
W32/Quaters-A
Launches a scathing attack on British Prime Minister Tony Blair and
attempts to knock the Downing Street website off the internet.
W32/Colevo-A
Redirects the web browsers of infected computers to a variety of
pictures of Evo Morales, leader of the Bolivian coca leaf growers'
union and runner-up in 2002's presidential elections.
W32/Vote-A
Calls for a vote on whether America should go to war against the
followers of Islam.
W32/Yaha-Q
Apparently written in response to attacks on Indian websites, this
worm not only attempts to launch a denial of service attack against
five Pakistani websites, but also contains a number of inflammatory
messages directed at Pakistani hackers.
W32/Yaha-E
Launches a denial-of-service attack against a Pakistani government
website.
Mawanella worm (also known as VBS/VBSWG-Z)
Displays a message describing the burning down of two mosques and
one hundred Muslim-owned shops in Mawanella, Sri Lanka.
Injustice worm (also known as VBS/Staple-A)
Opens a number of pro-Palestinian websites and describes the
alleged murder of a 12-year-old Palestinian child at the hands of
Israeli soldiers. In addition, the worm spams itself to members of
the Israeli government.
W32/Caric-A
Poses as a cartoon screensaver of former US President Bill Clinton
playing the saxophone. An item of female underwear emerges from the
bottom of the instrument.