Press Releases

Browse our press release archive

20 Jun 2006

Nude World Cup worm spreads via email

The Sixem worm exploits interest in the soccer World Cup tournament.

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned users about a new email worm that exploits interest in the World Cup to attack computers.

The W32/Sixem-A worm spreads using a variety of disguises, including subject lines such as "Naked World Cup game set", "Soccer fans killed five teens", and "Crazy soccer fans".

One of the messages sent by the worm reads as follows:

Nudists are organising their own tribute to the world cup, by staging their own nude soccer game, though it is not clear how the teams will tell each other apart. Good photos ;)

Other messages can include:

Soccer fans killed five teens, watch what they make on photos. Please report on this all who know.

and claim to come from the CNN news organization.

If the attached file is run, it attempts to disable security software on the infected computer and then spread itself to other email addresses.

"This worm exploits the public's interest in the World Cup to infect computer users. While some recipients might find nude football an attractive prospect, this is one worm you don't want to catch sight of, as you'll be playing straight into the hands of hackers," said Graham Cluley, senior technology consultant at Sophos. "It is very likely that more internet criminals will take advantage of users' football fever as the tournament heats up - people need to wise up to security threats, or risk scoring an own goal."

Sophos recommends that companies protect their email gateways with a consolidated solution to defend against viruses, spyware and spam, as well as apply an email policy that filters unsolicited executable code at the gateway. Businesses should also secure their desktop and servers with automatically updated protection.

Sophos's anti-virus products were automatically updated to protect against the W32/Sixem-A worm at 21:12 GMT on 19 June 2006.

Sophos experts report that this is not the first time that hackers have taken advantage of the World Cup competition.

In May 2006 the W32/Zasran-D worm offered tickets to the World Cup to German computer users. In the same month, a Trojan horse was spammed out posing as a wallchart for the soccer tournament.

A year ago, the Sober-N worm offered tickets to the tournament in an attempt to entrap unprotected users.

In 2002, the VBS/Chick-F virus tried to exploit workers desperate to find out the latest scores from the World Cup in S Korea/Japan.

In 1998, in the run-up to the World cup competition in France, another football-inspired virus asked infected victims to gamble on who the winner might be, and if the user did not choose the right team triggered a warhead which was capable of wiping all the data off the hard drive.

"Millions of people worldwide are following the World Cup and will be using the internet and email to keep up to date with all the action. In the past we have seen viruses exploiting the popularity of celebrities like Anna Kournikova and Britney Spears; Ronaldo, David Beckham or Wayne Rooney could be next," continued Cluley. "It is very likely that more internet criminals will take advantage of users' football fever as the tournament heats up."

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at