A mass-mailing computer worm that preys on the high emotions surrounding the Sept. 11 terrorist attacks surfaced Monday, antivirus vendors said.
Called W32.Vote.A, or simply Vote, the worm arrives as an e-mail with the subject line "Fwd: Peace BeTweeN AmeriCa and IsLaM!." The body of the e-mail contains the message: "Hi iS iT A waR Against America or IsLaM!? Let's Vote To Live in Peace!"
The e-mail carries an attachment, WTC.exe, which when executed mails the worm to all addresses in the user's Microsoft Outlook address book, antivirus vendors said. It also drops several text files and Visual Basic Script files into the operating environment and overwrites HTML files with the message: "AmerRiCa ... Few Days WiLL Show You What We can Do!!! It's Our Turn>>>ZaCkEr is So Sorry For You."
If the machine is rebooted, the worm will attempt to delete all the files in the Windows directory and reformat the C drive, said Ian Hameroff, business manager, security solutions, at Computer Associates International.
"The key thing here is its association with the recent terrorist attacks," he said "There's been a lot of e-mails going back and forth with pictures from the event. Someone might think this is another one of these, but unbeknownst to them they're executing a malicious threat."
CA received a few reports of the worm Monday morning and several inquires about it, Hameroff said. The company is ranking it as a medium to medium-high risk because of its association with the recent tragedy, he said.
McAfee, a division of Network Associates, hasn't seen many reports of the worm and rates it as a low risk, said Vincent Gulloto, senior director of research at McAfee AVERT (Anti-Virus Emergency Response Team).
He said Vote likely wouldn't be much of a problem for corporate users because companies are blocking executable files at the gateway. Also, users generally are leery about opening anything that's coming out right now, he said.
Trend Micro ranked Vote as a medium risk because of its social engineering method tied to tragedies and its highly destructive nature, a spokeswoman said. However, the company has only received a few reports of the worm from its corporate customers, she added.