Home / News & Blogs

New worm exploits SARS concerns

Will Sturgeon | April 23, 2003 5:30 PM PDT

Summary

There have been no reports of any infections but e-mail users must be consistantly reminded not to open attachments even if they claim to contain topical information.

Topics

Will Sturgeon
Increasingly virus writes have been relying upon a topical hook in an attempt to encourage recipients to launch the virus--whether it be concealed in an e-mail purporting to offer nude pictures of female celebrities or exclusive spy pictures of Iraq.

In this instance an e-mail arrives offering information about the spread of Severe Acute Respiratory Syndrome (Sars), which has killed dozens of people worldwide. Called W32/Coronex the mass-mailing worm will infect the recipient's machine once activated and will e-mail itself to every name in the infected machine's e-mail address book.

The Coronex worm uses a variety of subject lines, message bodies and attachment names to entice users into clicking including "Severe Acute Respiratory Syndrome", "SARS Virus" and Hongkong.exe. Hong Kong is believed to be the epicentre of the outbreak.

Graham Cluley, senior technology consultant for Sophos Anti-Virus, said: "The worm has been deliberately coded to exploit the public's genuine concern about Sars, and is just a further demonstration of the ways that virus writers attempt to use psychological trickery to spread their creations.

As ever the advice is to be careful and to practice great caution when dealing with any files received over e-mail.

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity