Worm lures victims with pictures of Iraq war

Antivirus companies warned of a new worm on Monday that is sent by e-mail and appears to contain photographs of the Iraq war. The Famus.

Antivirus companies warned of a new worm on Monday that is sent by e-mail and appears to contain photographs of the Iraq war.

The Famus.B worm affects Windows systems and tries to trick users into believing its attached file - called Iraq.scr -- contains pictures from inside Iraq. In reality the file infects the user's computer, displays a false error message and harvests any e-mail addresses stored on the PC's hard drive.

Famus.B then creates an SMTP engine that allows it to send copies of itself to all the victim's contacts. To finish off it inserts a line into the Windows registry so the computer will remain infected even after a reboot.

According to antivirus firm Panda Software, Famus.B is not spreading very quickly but because it is based on the Iraq war, people are bound to open the attachment.

In a statement, a Panda spokesperson said: "As Famus.B uses a current issue like the conflict in Iraq, this worm is likely to start causing incidents soon".

E-mails carrying the worm have the subject line: "Iraq and the crime" and the body contains the message: "what is really happening in Iraq? the pictures of the soldiers and prisoners in Iraq... foward this message.... everybody should know the truth".

The email is also written in Spanish.

The first variant of Famus was discovered around six months ago. According to antivirus firm Sophos, the worm was carried in a file called "PentagonSecret.xls.exe" and the e-mail's body text asked: "Do you believe you are safe from the Pentagon of the E.U? Just look these data and you will be surprised".

Sean Richmond, senior technology consultant at Sophos Australia and New Zealand, said that social engineering is commonly used by both phishers and malware authors because it is so difficult to combat using technology alone. He suggests users need to be taught not to open attachments or click on random links.

"It is easy to use social engineering to dupe people and make them reveal information or act differently. The biggest challenge is to get people out of the habit of clicking on links that are e-mailed to them. It is very hard to solve a social problem with technology," Richmond said.

Similar social engineering tactics have often been used in the past. In 2003 a virus was disguised as pictures of Julia Roberts in a compromising position. In July a Trojan horse was sent out in an e-mail claiming to show pictures of Osama Bin Laden committing suicide. More recently, English footballer David Beckham was apparently pictured in a compromising position with "a Spanish hooker".