Robert Jaques, vnunet.com 20 Jun 2006

Hackers have developed an email worm that exploits interest in the World Cup
in a bid to tempt football fans to open a malicious attachment.

The Sixem-A worm spreads using a variety of disguises, including subject
lines such as 'Naked World Cup game set', 'Soccer fans killed five teens'
and 'Crazy soccer fans', to try and dupe unsuspecting users into clicking on
a malicious attachment.

One of the messages sent by the worm reads: 'Nudists are organising their
own tribute to the world cup, by staging their own nude soccer game, though
it is not clear how the teams will tell each other apart. Good photos ;)'

Other messages, some of which claim to come from the CNN news organisation,
can include: 'Soccer fans killed five teens, watch what they make on photos.
Please report on this all who know.'

If the attached file is run, it attempts to disable security software on the
infected computer and then spread itself to other email addresses.

"This worm exploits the public's interest in the World Cup to infect
business users," said Graham Cluley, senior technology consultant at Sophos.


"While some recipients might find nude football an attractive prospect, this
is one worm you don't want to catch sight of as you'll be playing straight
into the hands of hackers.

"It is very likely that more internet criminals will take advantage of
users' football fever as the tournament heats up, so people need to wise up
to security threats or risk scoring an own goal."

This is not the first time hackers have taken advantage of the World Cup. A
year ago, the Sober-N worm offered tickets to the tournament in an attempt
to entrap unprotected users, while in 2002, the Chick-F virus tried to
exploit workers desperate to find out the latest scores from the World Cup
in S Korea/Japan.

In 1998, in the run-up to the World cup competition in France, another
football-inspired virus asked infected victims to gamble on who the winner
might be.

If the user did not choose the right team the virus triggered a warhead that
was capable of wiping all the data off the hard drive.

Read About It
Information about W32/Sixem.a@MM is located on VIL at:
http://vil.nai.com/vil/content/v_139982.htm

Detection
W32/Sixem.a@MM was first discovered on June 19th, 2006 and detection was
added to the 4788 dat files (Release Date: June 20th, 2006).  

To stay updated and protected download the latest dat files from
http://www.mcafee.com/us/downloads/index.html

If you suspect you have W32/Sixem.a@MM, please submit a sample to
http://www.webimmune.net.

Mike Grant
Bytware, Inc.
775-851-2900 

http://www.bytware.com


CONFIDENTIALITY NOTICE:  This e-mail message and any attachment to this e-mail 
message contain information that may be privileged and confidential.  This 
e-mail and any attachments are intended solely for the use of the individual or 
entity named above (the recipient) and may not be forwarded to or shared with 
any third party.  If you are not the intended recipient and have received this 
e-mail in error, please notify us by return e-mail or by telephone at 
775-851-2900 and delete this message.  This notice is automatically appended to 
each e-mail message leaving Bytware, Inc.  



As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.