Virus warning: Playboy bunny, not so funny

Maslan worm disguised as nude pics... very old skool!

By Will Sturgeon

Published: 10 December 2004 11:55 GMT

Antivirus vendors are warning users to be on the lookout for an email-borne worm which is disguising itself as nude pictures of Playboy pin-ups, though they admit the threat level is still very low.

However, with Christmas on the horizon and some boozy lunches in the diary for many, there's a chance such an attachment will appear tempting to any employees getting demob-happy ahead of the holidays.

The Maslan worm would appear to be politically motivated, with infected machines intended to launch a denial-of-service attack against websites owned by Chechen separatists, according to antivirus firm Sophos.

According to Symantec, W32.Maslan.C@mm is a mass-mailing worm that opens a back door and exploits system vulnerabilities on the compromised computer. The worm also steals passwords using a keylogger and attempts to attack a series of firewalls and antivirus settings on an infected machine.

The worm also controls which email addresses it spreads to, avoiding most webmail addresses and also any others which may report to antivirus or filtering companies, apparently a crude attempt to avoid detection. Antivirus firms Panda, Sophos and Symantec have all been blacklisted by the worm, along with words such as 'abuse', 'privacy' and 'spam' which, if appearing in an email address, may be an indication of an address used to report unsolicited or malicious mail.

Currently the email spreading in the wild has the subject line '123' or '12345' and an attached file called 'Playgirls2.exe' or 'Playgirls_2.exe'.
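A mail gateway or mailbox sweep can check for these indicators directly. The following Python sketch is an added example, not code from the article or from any vendor it quotes: it parses a message, flags the subject lines and attachment names reported above, and more generally flags any executable attachment. The function names, the sample messages and the extension list are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Indicators reported in the article for the Maslan email.
MASLAN_SUBJECTS = {"123", "12345"}
MASLAN_ATTACHMENTS = {"playgirls2.exe", "playgirls_2.exe"}
# Assumption (not from the article): extensions treated as executable.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")


def check_message(raw):
    """Return a list of findings for one RFC 822 message string."""
    msg = message_from_string(raw, policy=policy.default)
    subject = (msg["Subject"] or "").strip()
    # Collect attachment file names from every MIME part, normalised
    # to lower case so 'PLAYGIRLS2.EXE' matches as well.
    names = [(part.get_filename() or "").strip().lower()
             for part in msg.walk()]
    names = [n for n in names if n]
    findings = []
    if any(n in MASLAN_ATTACHMENTS for n in names):
        findings.append("maslan-attachment-name")
        # A subject of '123' alone is too common to flag, so it only
        # counts when the reported attachment name is also present.
        if subject in MASLAN_SUBJECTS:
            findings.append("maslan-subject")
    if any(n.endswith(EXECUTABLE_EXTS) for n in names):
        findings.append("executable-attachment")
    return findings


def build_sample(subject, filename=None):
    """Build a constructed test message (harmless payload bytes)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("see attachment")
    if filename:
        m.add_attachment(b"not a real binary", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    for subj, name in [("12345", "Playgirls_2.exe"), ("123", None),
                       ("Quarterly report", "setup.EXE")]:
        print(subj, name, check_message(build_sample(subj, name)))
```

The generic executable-attachment rule is the durable control here, since subject lines and file names change between variants.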

The political power of cyberattacks has long been a matter of concern in some quarters, and derided by others as scare-mongering.

Although some may seize upon examples such as this to prove growing support in terrorist ranks for digital attack, the methodology here is no different to a number of other viruses which have spread over the past couple of years, and it seems likely it's somebody with an axe to grind rather than anything more serious or concerted.

Sophos' Graham Cluley said that, whatever the motive, "spreading a virus is clearly criminal behaviour".

According to Sophos, the virus waits until the first day of every month and then will attempt to launch a denial-of-service attack, intended to swamp the targeted websites with internet traffic.
