IT security and control firm Sophos is warning of a new
mass-mailing worm that is capitalising on users' enthusiasm for
Nintendo's iconic character, Mario. Once they open the email,
recipients are requested to click on an attachment that promises to
run one of the classic Super Mario Bros games.
Emails sent by the worm use the following text in the message
body:
Hi There, Do You Like Mario Bross ? Test
it, and you'll like it ;] !
Attached to the emails is a file containing the Romario-A worm, which in
addition to launching a game starring the portly Italian plumber,
also attempts to infect other unprotected computers via
mass-mailing itself as a file attachment, as well as spreading via
removable shared drives.
The worm plays a classic Super Mario Bros
game.
Sophos experts note that Romario-A aims to cause maximum impact
by scheduling a daily task to ensure the worm runs regularly at a
specified time.
"Fraudsters are constantly innovating to find new ways of
tapping into users' psyches to tempt them into clicking on infected
links and attachments," said Graham Cluley, senior
technology consultant at Sophos. "Nintendo's resurgence in the
games market with the Wii console and Mario's global retro appeal
are factors playing directly into the hands of cybercriminals keen
to dupe users. This kind of attack is particularly stealth-like
because nostalgic gamers can actually play the game once they
click, giving them no reason to suspect that something more
sinister is lurking beneath."
Romario-A is the latest in a series of malware that purports to
be computer games or to actually run real games. This trick has
been employed many times in the past by malware authors, notably,
the W32/Bagle-U
worm, which attempts to start the Microsoft Hearts game, the
W32/Coconut-A virus, which urged infected users to throw coconuts
at pictures of a computer security expert and the Troj/Gonori-A
Trojan, which plays Minesweeper when run.
The worm is also set to run when files with extensions of BAT,
COM, PIF and SCR are opened or launched.
Sophos customers have been protected against the Romario worm
since 04:40 GMT on 30 July 2007.
Sophos recommends companies automatically update their corporate
virus protection, and run a consolidated
solution to defend against malware, spyware, hackers and
spam.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.