
Maslan worm disguised as nude pics... very old skool!
Published: 10 December 2004 11:55 GMT
Antivirus vendors are warning users to be on the lookout for an email-borne worm which is disguising itself as nude pictures of Playboy pin-ups, though they admit the threat level is still very low.
However, with Christmas on the horizon and some boozy lunches in the diary for many, there's a chance such an attachment will appear tempting to any employees getting demob-happy ahead of the holidays.
The Maslan worm would appear to be politically motivated, with infected machines intended to launch a denial-of-service attack against websites owned by Chechen separatists, according to antivirus firm Sophos.
According to Symantec, W32.Maslan.C@mm is a mass-mailing worm that opens a back door and exploits system vulnerabilities on the compromised computer. It also steals passwords using a keylogger and attempts to attack a series of firewalls and antivirus settings on an infected machine.
The worm also controls which email addresses it spreads to, avoiding most webmail addresses and any others which may report to antivirus or filtering companies, apparently a crude attempt to avoid detection. Antivirus firms Panda, Sophos and Symantec have all been blacklisted by the worm, along with words such as 'abuse', 'privacy' and 'spam' which, if they appear in an email address, may indicate an address used to report unsolicited or malicious mail.
Currently the email spreading in the wild has the subject line '123' or '12345' and an attached file called 'Playgirls2.exe' or 'Playgirls_2.exe'.
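A mail-gateway check for the indicators listed above, as an added example that is not from the article or any vendor: it parses a raw message and matches the quoted subject lines and attachment names. The function names, the quarantine/review policy and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators quoted in the article: subject lines and attachment names.
SUBJECTS = {"123", "12345"}
ATTACHMENT_RE = re.compile(r"^playgirls_?2\.exe$", re.IGNORECASE)

def maslan_indicators(raw):
    """Return the article's indicators matched by one raw RFC 5322 message."""
    # policy.default decodes RFC 2047 subjects and RFC 2231 filenames for us.
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    subject = str(msg["Subject"] or "").strip()
    if subject in SUBJECTS:
        hits.append("subject:" + subject)
    for part in msg.walk():  # walk() also reaches nested multipart parts
        name = (part.get_filename() or "").strip()
        if ATTACHMENT_RE.match(name):
            hits.append("attachment:" + name)
    return hits

def verdict(raw):
    """Assumed policy: attachment name is a strong signal, subject alone is weak."""
    hits = maslan_indicators(raw)
    if any(h.startswith("attachment:") for h in hits):
        return "quarantine"
    return "review" if hits else "pass"

def sample_message(subject, filename=None):
    """Build a constructed test message; the attachment bytes are inert filler."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("constructed test body")
    if filename:
        m.add_attachment(b"constructed filler, not a real binary",
                         maintype="application", subtype="octet-stream",
                         filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fname in [("123", "Playgirls2.exe"), ("12345", None),
                        ("Lunch?", "PLAYGIRLS_2.EXE"), ("Q4 report", "report.pdf")]:
        print(subj, fname, "->", verdict(sample_message(subj, fname)))
```

A subject of '123' on its own is common in legitimate test mail, which is why the sketch only flags it for review rather than blocking.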
The political power of cyberattacks has long been a matter of concern in some quarters, and derided by others as scare-mongering.
Although some may seize upon examples such as this to prove growing support in terrorist ranks for digital attack, the methodology here is no different to a number of other viruses which have spread over the past couple of years, and it seems likely it's somebody with an axe to grind rather than anything more serious or concerted.
Sophos' Graham Cluley said that, whatever the motive, "spreading a virus is clearly criminal behaviour".
According to Sophos, the virus waits until the first day of every month and then will attempt to launch a denial-of-service attack, intended to swamp the targeted websites with internet traffic.