New World Cup worm tries to score

Zasran-A worm manipulates security settings to give hackers access to personal info in users' PCs

World Cup soccer fans should be aware of a new worm being circulated by e-mail with the German-language message "WM-Tickets" or "Weltmeisterschaft," security vendor Sophos warned Wednesday.

The e-mail contains an attachment, which, when opened, activates the W32/Zasran-A worm. The worm is programmed to send itself to addresses stored in Microsoft's Outlook address book and manipulate security settings to give hackers access to other personal information stored in users' PCs.

Additional information is available at http://www.sophos.com/virusinfo/analyses/w32zasrana.html.

The Zasran-A worm is the second World Cup-related virus detected in May, with the games scheduled to kick off June 9.

On May 4, the Baden-Württemberg State Bureau of Criminal Investigation (LKA) warned of an e-mail with a link to a self-extracting Excel file that claims to contain the game plan for the soccer tournament. The German-language e-mail contains the message "Fussball Weltmeisterschaft 2006 in Deutschland" (2006 World Cup Soccer Tournament in Germany) and the link "googlebook.exe."

When clicked, the link installs a Trojan horse on users' PCs. The Trojan program appears to have originated from a server in the U.S., according to LKA officials.

Sophos urges users to be extra vigilant against virus threats as excitement grows over the World Cup games.

Seemingly harmless World Cup screensavers, spreadsheets and electronic wall charts are ideal vehicles to spread viruses and worms, according to the company.

The World Cup has prompted viruses in the past, and will likely in the future as well.

Ahead of the World Cup games in France in 1998, the WM97/ZMK-J virus asked PC users to gamble on who the winner could be, and if the user didn't choose the right team, it triggered a warhead that was capable of erasing all data on the hard drive, according to Sophos.

Last year, the world's governing soccer body, FIFA (Fédération Internationale de Football Association), warned fans and others that its name was being abused in a global phishing scam.

Several lottery companies had sent unsolicited, official-looking e-mail around the globe, announcing that recipients had won a lottery and requesting personal data, including bank account information, for them to claim the prize money. The lotteries claimed to be organized on behalf of, or in association with, FIFA as well as the German organizers of the World Cup and their South African counterparts for the 2010 games.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies