Is it a GameCube emulator or a virus?

Sophos Press Release


It is well known that virus authors have used sex as a method of enticing unsuspecting users to be infected by malware. Examples include VBS/SST-A which purported to be a graphic of the glamorous Russian tennis player Anna Kournikova and VBS/LoveLet-A (also known as the Love Bug) which pretended to be a love letter from a friend or colleague.

Virus authors have seen the success these viruses have experienced in spreading around the world and been inspired to use similar techniques to spread their malicious code around the globe, with varying levels of success.

However, the Surnova worm uses a slightly different trick. As well as using the tried-and-trusted technique of "celebrity endorsement" (on occasion it uses filenames which claim to be erotic movies of the singers Britney Spears, Christian Aguilera and Jennifer Lopez) it also attempts to appeal to game console fans.

Amongst the many filenames the Surnova worm can use to entice people into running it are XBOX emulator (WORKS!!).exe and Gamecube Emulator (WORKS!!).exe.

"Fans of Halo or Pikmin may be tempted to try one of these programs in an attempt to convert their PC into a Microsoft Xbox or a Nintendo GameCube," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "However, some things really are too good to be true. Users should be suspicious of unknown executable files, and never bring unauthorised programs into their organisation."

Sophos recommends users sign up for automatic notification of new virus threats via email, keep their virus protection up-to-date and practise safe computing to help avoid virus infection.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at