09 Dec 2004

Playgirl email virus gets political and attacks Chechen rebel websites, Sophos reports

The worm launches a denial-of-service attack against Chechen separatist websites, such as kavkazcenter.com.

Experts at Sophos have discovered that an email-aware virus, disguised as a nude glamour model, is designed to launch a series of denial-of-service attacks on websites run by Chechen rebel separatists.

The W32/Maslan-C worm spreads via email with an attached file called Playgirls2.exe. Recipients who run the attached file and become infected can pass the virus on to other email users, and can become unwitting participants in the distributed denial-of-service attacks.

A typical email sent by the worm reads as follows:

Subject Line:
123

File attachment:
Playgirls2.exe

Message Body:
Hello <random name>,
--Best regards,
<random sender name>

The virus waits until the first day of every month and then launches a denial-of-service attack intended to swamp the targeted websites with internet traffic and blast them off the internet. The targeted websites are all connected with the Chechen rebel movement:

www.chechenpress.com
www.chechenpress.info
www.kavkaz.org.uk
www.kavkaz.tv
www.kavkaz.uk.com
www.kavkazcenter.com
www.kavkazcenter.info
www.kavkazcenter.net

This is far from the first time the Chechen separatist websites have been in the news. Just two weeks ago, the Russian Foreign Ministry asked its Lithuanian counterparts for an explanation as to why the websites - run by separatists in Lithuania - had resumed activity.

"These websites play a key role in the propaganda war between the Chechen rebels and the Kremlin," said Graham Cluley, senior technology consultant for Sophos. "Clearly whoever has written this virus wants to make it harder for the Chechen separatists to publish information about their cause on the internet. Whether you agree with the worm's intention or not, spreading a virus which infects innocent computers and launches attacks against websites is a criminal act."

Although there have only been a small number of reports of the Maslan-C worm, Sophos recommends computer users ensure their anti-virus software is up-to-date, and that companies protect themselves with a consolidated solution which can defend them from the threats of both spam and viruses.

Other viruses which have spread a political message:

W32/Cycle-A 
Complained about the quality of life in Iran.

W32/Zafi-A 
Displays a message calling for Hungarian patriotism, timed to coincide with the country joining the European Union.

W32/Quaters-A 
Launches a scathing attack on British Prime Minister Tony Blair and attempts to knock the Downing Street website off the internet.

W32/Colevo-A 
Redirects the web browsers of infected computers to a variety of pictures of Evo Morales, leader of the Bolivian coca leaf growers' union and runner-up in 2002's presidential elections.

W32/Vote-A 
Calls for a vote on whether America should go to war against the followers of Islam.

W32/Yaha-Q 
Apparently written in response to attacks on Indian websites, this worm not only attempts to launch a denial of service attack against five Pakistani websites, but also contains a number of inflammatory messages directed at Pakistani hackers.

W32/Yaha-E 
Launches a denial-of-service attack against a Pakistani government website.

Mawanella worm (also known as VBS/VBSWG-Z) 
Displays a message describing the burning down of two mosques and one hundred Muslim-owned shops in Mawanella, Sri Lanka.

Injustice worm (also known as VBS/Staple-A) 
Opens a number of pro-Palestinian websites and describes the alleged murder of a 12-year-old Palestinian child at the hands of Israeli soldiers. In addition, the worm spams itself to members of the Israeli government.

W32/Caric-A 
Poses as a cartoon screensaver of former US President Bill Clinton playing the saxophone. An item of female underwear emerges from the bottom of the instrument.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.