Rediff.com« Back to articlePrint this article

Virus spreading thru obscene emails

January 18, 2006 11:10 IST

Pornography has always been used as a weapon by mass mailers to spread deadly viruses over the Internet. Exploiting human vulnerability for sex-related content, this method has proved to be highly effective in malice proliferation, says MicroWorld, developer of the world's first real-time anti-virus and content security software for desktops and servers.

The unsuspecting user is lured to open an attachment which promises to be something sleazy. After it is downloaded, it pops up its ugly head in no time.

The newly found 'Win32.vb.bi' is a mass-mailing worm that spreads through file sharing networks and manipulates security settings on the attacked computer.

The email that spreads the virus comes with some pornographic titles and carries attachments given below in '.zip' formats like sex.mim, Attachmnets00.hqx, Winzip.BHX, Video-part.mim, Ebook.uu, Attchments001.bhx, 3.92315089702606E02.UUE, original message.B64, word-document.uu, WinzipQuikPick.exe, HRM-AF.exe, et cetera.

The subject lines found normally, are Fw: Sexy, Fwd: Crazy illegal Sex, Fw:Sex.mpg, The file, Hello, Ebook.pdf, Re:wordfuile

Once the file is executed, this worm steals email addresses from the attacked computer and performs mass-mailing. Enterprises with shared networks and intranet systems are highly vulnerable to this worm as this one spreads very fast.

MicroWorld detected this threat on Monday and managed to destroy the worm with its antivirus software. The threat level of this worm and the extent of danger it poses are being evaluated currently.

Win32 worms spread via Windows Networking APIs, MAPI functions or email clients like Microsoft Outlook. They send email messages with the worm program attached along with. Typically, these mails suggest that the recipient should launch the attachment to see something interesting or important.

In case of infections, MicroWorld's virus scanner and cleaner ensures that the worm is destroyed before it can reach your applications.

Users can download the trial versions of the software from http://mwti.net/virus_info/virusalertd.asp?vid=798.