Virus warning: Don't take a Ganda at war pics

Virus writers have taken advantage of the imminent onset of war to release an email supposedly offering a variety of war-themed attachments - ranging from secret US spy pictures of Iraq to screensavers mocking US President George Bush.

However, the emails actually contain a new worm called Ganda.

The worm, which is thought to originate from Sweden, is in the wild, and travels in an email with a variety of subject lines and body text, all intended to trick recipients into running the virus-ridden attachment.

Jack Clark, product manager at McAfee, said: "We're keen to stress that we still have this virus as a low risk at the moment. But it does show how far some virus writers are prepared to go to get attention."

Again this latest virus scare reveals a continuing trend of social engineering - the practice of picking a particularly topical event, subject or figure and using it as a hook to tempt computer users into launching a virus.

In peacetime the most common ploy involves offering candid shots of popular celebrities, as seen with the recent Catherine Zeta Jones email. Clark describes this as a "go for the loins" approach, but in wartime such a practice becomes far more sinister.

With the Iraqi conflict likely to be the largest international skirmish since the widespread adoption of email in offices and homes worldwide, social engineering is likely to play an even greater part in the spread of similar viruses.

Clark said: "Virus writes will use any occasion that they think will work on computer users, no matter how sick - be it the attack on the World Trade Center or the war with Iraq. They are just looking for attention and will use anything that will guarantee them media attention."

Clark believes there will be a lot more viruses launched in emails related to the war in Iraq. "This isn't going to be the last," he said. "Virus writers will play upon people's curiosity for information about the war. Virus writers aren't particularly clever. Once they are presented with a successful method of getting people to launch viruses they will adopt it for themselves."

Once activated Ganda behaves much like any other self-propagating worm. It will email itself to addresses in the infected machine's Outlook email address book. It also scans the machine looking for security applications - such as McAfee, Norton or Sophos anti-virus products - and will then shut them down.

Clark advises anybody to treat emails purporting to be about the war in Iraq with suspicion and again, only open emails when you can vouch for the source.

Clark added: "The good thing is that this virus hasn't had much of an impact, but it has alerted people to the potential dangers of war-related emails."