Sex movie e-mail worm claims victims worldwide

PC users around the world have been taken in by a booby-trapped email promising the recipient access to free sex movies, only to find their computers infected by an e-mail worm.

The e-mail messages bear the subject line "Here you have" and contain a link that purports to lead to the movies or, in a number of cases, to what it claims is a PDF document. In reality, it connects users to a site hosting the malicious software.

The malware infects the victim's Outlook address book, and sends a message to every e-mail address it can find.

The worm also tries to delete any security software installed on the machine in an attempt to remain undetected.

Security firms say that as well as spreading via email, the worm can exploit Windows' auto-run feature to install itself from infected USB memory sticks, external disk drives and other removable storage.

Network administrators have been urged to configure mail servers to block email messages containing file attachments commonly used to spread viruses, such as .VBS, .BAT, .EXE, .PIF, and .SCR files. The file used in the current attack is an .SCR file.

Reports indicate that a number of large organisations, including NASA, AIG, Disney, Procter & Gamble and Wells Fargo, were targeted by the worm, as inboxes were deluged with hundreds of the malicious messages.

Initial efforts to contain the outbreak have been successful, with the website hosting the worm being shut down late on 9th September, but security experts expect new variants of the virus to spring up elsewhere.

Writing on antivirus firm Kaspersky's company blog, security expert Dennis Fisher compared the outbreak to earlier infections such as the ILoveYou virus, which also spread itself via victims' Outlook address books.

"The difference with those earlier attacks is that the e-mails typically carried the malicious file itself and didn't rely on a link to a downloading site," wrote Fisher. "But the technique used to entice users to click on the attachment or malicious link is the same: offer the user something he wants to see."