The Sixem worm exploits interest in the soccer World Cup
tournament.
Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis centers, have warned
users about a new email worm that exploits interest in the World
Cup to attack computers.
The W32/Sixem-A
worm spreads using a variety of disguises, including subject lines
such as "Naked World Cup game set", "Soccer fans killed five
teens", and "Crazy soccer fans".
One of the messages sent by the worm reads as follows:
Nudists are organising their own tribute to the world cup,
by staging their own nude soccer game, though it is not clear how
the teams will tell each other apart. Good photos ;)
Other messages can include:
Soccer fans killed five teens, watch what they make on
photos. Please report on this all who know.
and claim to come from the CNN news organization.
If the attached file is run, it attempts to disable security
software on the infected computer and then spread itself to other
email addresses.
"This worm exploits the public's interest in the World Cup to
infect computer users. While some recipients might find nude
football an attractive prospect, this is one worm you don't want to
catch sight of, as you'll be playing straight into the hands of
hackers," said Graham
Cluley, senior technology consultant at Sophos. "It is very
likely that more internet criminals will take advantage of users'
football fever as the tournament heats up - people need to wise up
to security threats, or risk scoring an own goal."
Sophos recommends that companies protect their email gateways
with a consolidated solution to defend
against viruses, spyware and spam, as well as apply an email policy
that filters unsolicited executable code at the gateway. Businesses
should also secure their desktop and servers with automatically
updated protection.
Sophos's anti-virus products were automatically updated to
protect against the W32/Sixem-A worm at 21:12 GMT on 19 June
2006.
Sophos experts report that this is not the first time that
hackers have taken advantage of the World Cup competition.
In May 2006 the W32/Zasran-D worm offered
tickets to the World Cup to German computer users. In the same
month, a Trojan horse was spammed out
posing as a wallchart for the soccer tournament.
A year ago, the Sober-N worm offered
tickets to the tournament in an attempt to entrap unprotected
users.
In 2002, the VBS/Chick-F
virus tried to exploit workers desperate to find out the latest
scores from the World Cup in S Korea/Japan.
In 1998, in the run-up to the World cup competition in France,
another
football-inspired virus asked infected victims to gamble on who
the winner might be, and if the user did not choose the right team
triggered a warhead which was capable of wiping all the data off
the hard drive.
"Millions of people worldwide are following the World Cup and
will be using the internet and email to keep up to date with all
the action. In the past we have seen viruses exploiting the
popularity of celebrities like Anna Kournikova and Britney Spears;
Ronaldo, David Beckham or Wayne Rooney could be next," continued
Cluley. "It is very likely that more internet criminals will take
advantage of users' football fever as the tournament heats up."
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.