Luscious Lara unleashes IRC worm

The promise of a luscious Lara Croft screensaver is likely to fool Internet users into unleashing a new computer worm that spreads itself exclusively through Internet Relay Chat (IRC).

The virus is the first malicious code to disguise itself as a Windows desktop decorating application, and exploits the popular Tomb Raider theme. "Lara" spreads through an Internet chat application and transfers the "LaraCroft.theme" worm-carrying file to remote computers. As soon as it has been executed, the virus sends out copies of itself to all other users connected to the same IRC channel as the infected computer.

"This is something completely new -- the theme file has a section where executable commands can be embedded, that should normally be used for specifying a particular screensaver," said Vanja Svajcer, virus research team leader at Internet security firm Sophos. "The command copies the theme file into a batch file, so that the file can be run again and again."

Earlier this year, a virulent email worm disguising itself as a picture file of the Russian tennis star Anna Kournikova had a disastrous impact upon many UK companies. But antivirus experts are satisfied that "Lara" is unlikely to cause such a global epidemic.

"I don't think that it is going to be big -- the number of people using IRC is small, but Kournikova was replicated through Microsoft Outlook which has a much bigger number of users," said Svajcer.

The desktop worm was detected on Tuesday, and Sophos had only detected two cases at the time of writing.

See the Viruses and Hacking News Section for the latest headlines.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.