Filipino claims to be JPEG virus author

Sophos Press Release

Paul Glenerson B. Amurao, a 21 year old Filipino, has claimed in a media interview to be the author of the first virus to attempt to infect .JPG graphic files. Amurao, who says he lives in a province north of Metro Manila, Philippines, said he was the author of W32/Perrun-A in an interview he gave to INQ7.Net.

Amurao claimed that he wrote the virus using Microsoft Visual Basic 6, bought from a local retailer during a school fair at the University of the Philippines.

In the interview Amurao claimed that W32/Perrun was "like a time-triggered bomb waiting to explode."

"This is perhaps what virus researchers are afraid of. But thank god, somehow I was able to make them aware," he added.

"W32/Perrun-A is more hype than havoc. The virus is not in the wild, is not likely to be, and the JPEG infection method only works if the user is already infected by a Windows executable virus," said Graham Cluley, senior technology consultant for Sophos Anti-Virus."However, it's disturbing to see another virus being written in the Philippines, and that malware authors over there may consider it a cool thing to do."

The Philippines is no stranger to virus writing, being the birth place of the Love Bug (or VBS/LoveLet-A worm) which spread around the world in May 2000. Onel de Guzman, the suspected author of the Love Bug, was detained by the authorities but later released without charge because the Filipino authorities did not have sophisticated computer crime laws at the time of the offence. Laws designed to combat computer misuse were only introduced in June 2000 by the Philippines authorities as a result of the Love Bug incident.

Sophos has issued protection against W32/Perrun-A to customers concerned by the media reports and alerts from other anti-virus vendors.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.