New Worm Exploits Tragedy

By Marcia Savage
September 24, 2001 3:40 PM ET

A mass-mailing computer worm that preys on the high emotions surrounding the Sept. 11 terrorist attacks surfaced Monday, antivirus vendors said.

Called W32.Vote.A, or simply Vote, the worm arrives as an e-mail with the subject line "Fwd: Peace BeTweeN AmeriCa and IsLaM!." The body of the e-mail contains the message: "Hi iS iT A waR Against America or IsLaM!? Let's Vote To Live in Peace!"

The e-mail carries an attachment, WTC.exe, which when executed mails the worm to all addresses in the user's Microsoft Outlook address book, antivirus vendors said. It also drops several text files and Visual Basic Script files into the operating environment and overwrites HTML files with the message: "AmerRiCa ... Few Days WiLL Show You What We can Do!!! It's Our Turn>>>ZaCkEr is So Sorry For You."

If the machine is rebooted, the worm will attempt to delete all the files in the Windows directory and reformat the C drive, said Ian Hameroff, business manager, security solutions, at Computer Associates International.

"The key thing here is its association with the recent terrorist attacks," he said "There's been a lot of e-mails going back and forth with pictures from the event. Someone might think this is another one of these, but unbeknownst to them they're executing a malicious threat."

CA received a few reports of the worm Monday morning and several inquires about it, Hameroff said. The company is ranking it as a medium to medium-high risk because of its association with the recent tragedy, he said.

McAfee, a division of Network Associates, hasn't seen many reports of the worm and rates it as a low risk, said Vincent Gulloto, senior director of research at McAfee AVERT (Anti-Virus Emergency Response Team).

He said Vote likely wouldn't be much of a problem for corporate users because companies are blocking executable files at the gateway. Also, users generally are leery about opening anything that's coming out right now, he said.

Trend Micro ranked Vote as a medium risk because of its social engineering method tied to tragedies and its highly destructive nature, a spokeswoman said. However, the company has only received a few reports of the worm from its corporate customers, she added.

To continue reading this article, please download the free CRN Tech News app for your iPad or Windows 8 device.

Related: Videos | Slide Shows | Comments

SHARE THIS ARTICLE

More Security

Comments by Vanilla

Recent Articles

	Head-To-Head: Symantec Vs. McAfee In Endpoint Protection McAfee and Symantec are archrivals with a firm grip on the North American security market. CRN pits both vendors' endpoint security products against each other and names a winner.
	The 8 Steps Behind The Massive $45M Cyber Bank Heist More than $45 million was stolen from banks in the U.S. and 19 other countries in a scheme that law enforcement is calling an international conspiracy to drain millions from bank accounts using stolen debit cards and PIN numbers. Here's how they did it.
	Name Of The Game: Top 10 States For Identity Theft A Federal Trade Commission report provides statistics on identity theft and fraud complaints in 2012. Learn which state has the dubious distinction of having the most victims.
	More Slide Shows