Is it a GameCube emulator or a virus?

August 06, 2002 Sophos Press Release


It is well known that virus authors have used sex to lure unsuspecting users into becoming infected by malware. Examples include VBS/SST-A, which purported to be a graphic of the glamorous Russian tennis player Anna Kournikova, and VBS/LoveLet-A (also known as the Love Bug), which pretended to be a love letter from a friend or colleague.

Virus authors have seen the success of these viruses in spreading around the world and have been inspired to use similar techniques to distribute their own malicious code, with varying levels of success.

However, the Surnova worm uses a slightly different trick. As well as using the tried-and-trusted technique of "celebrity endorsement" (on occasion it uses filenames which claim to be erotic movies of the singers Britney Spears, Christina Aguilera and Jennifer Lopez), it also attempts to appeal to game console fans.

Amongst the many filenames the Surnova worm can use to entice people into running it are "XBOX emulator (WORKS!!).exe" and "Gamecube Emulator (WORKS!!).exe".

"Fans of Halo or Pikmin may be tempted to try one of these programs in an attempt to convert their PC into a Microsoft Xbox or a Nintendo GameCube," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "However, some things really are too good to be true. Users should be suspicious of unknown executable files, and never bring unauthorised programs into their organisation."

Sophos recommends users sign up for automatic notification of new virus threats via email, keep their virus protection up-to-date and practise safe computing to help avoid virus infection.