Viruses & Malware

Consumers and businesses need to be extra vigilant against virus threats from hackers taking advantage of World Cup fever, according to a security warning from Sophos.

"In the past we've seen viruses exploiting the popularity of celebrities like Anna Kournikova. David Beckham or Wayne Rooney could be next," Graham Cluley, senior technology consultant at Sophos, told vnunet.com.

"Businesses need to ensure that staff are not downloading unknown code to their computers. The code may pretend to offer soccer coverage, but actually installs spyware.

Viruses that have been successfully tackled elsewhere continue to attack computers in the Middle East, according to security vendor Symantec.

More than two years since first appearing, the Netsky-P worm remains the most widespread piece of malware spreading via email, Sophos has said.

In its latest monthly investigation into the top ten Malware threats, the security vendor has also found the Mytob worm family was also the source of numerous infections.

Some five different variants of the worm appeared in the company’s May threat list.

A NEW computer virus hijacks personal files — then tries to blackmail PC users into paying a ransom for passwords to unlock them.

Victims are barred from their My Documents folder by the hackers’ so-called ransomware.

The Arhiveus virus has swept the US but nurse Helen Barrow, 40, is believed to be Britain’s first victim.

She found her files replaced with a 30-digit password-protected folder.

The first real mobile phone virus, which was found in the wild and could replicate on its own, was discovered almost two years ago.

On June 15 2004, Finnish anti-virus firm F-Secure and Russian rival Kaspersky released details about a piece of mobile phone malware that used Bluetooth to try and spread to other Symbian series60-based mobile phones.

Tickets for the World Cup? No, this time it is a virus.

There is a new mass mailing worm called Banwarum (also known as Zasran and Ranchneg) that is using World Cup themed email messages. The worm sends itself as a password protected archive and includes in the email the password for it. The emails sent by the worm are in German and some of them offer tickets for the football games in Germany next month.

World Cup soccer fans should be aware of a new worm being circulated by e-mail with the German-language message "WM-Tickets" or "Weltmeisterschaft," security vendor Sophos warned Wednesday.

The e-mail contains an attachment, which, when opened, activates the W32/Zasran-A worm. The worm is programmed to send itself to addresses stored in Microsoft's Outlook address book and manipulate security settings to give hackers access to other personal information stored in users' PCs.

The family of WORM_RONTKBR.GEN (including WORM_RONTOKBRO and WORM_BRONTOK) discovered at the end of 2005 continues their spread this year. The scale of infection has expanded in Asia, while both the damage potential and distribution potential of these worms has been adjusted to High Risk by Trend Micro. This worm family is mainly spread through emails that contain blank subject lines, and using a fake Windows icon folder to trick users into activating the malware. Once clicked, the My Documents folder is also opened in order to hide the malware's execution.

The popularity around Dan Brown’s book, The Da Vinci Code, couldn’t have
gone unexploited by virus authors, who would do anything to spread their malicious creations. According to the Mid Day Indian Daily, a virus bearing the name of the bestseller book has infected dozens of phones in India.

The virus spreads via wireless Bluetooth technology, and causes a message to pop up on Bluetooth devices: ‘Receive message via Bluetooth from Da Vinci Code?’

The malicious code is extremely dangerous, once the message is accepted, all the data on the phone being destroyed.

Security researchers at FaceTime Security Labs have recently identified a new threat to instant messenger users; potentially threaten millions of users across the world. Researchers recently confirmed they had found a self-propagating worm aimed at targeting Yahoo Instant Messenger users. The new worm named yhoo32.explr is reported to install its own browser and hijacks the Internet Explorer homepage.