Worm Poses as an Appeal for Tsunami Aid

Internet users were warned this week of a new mass mailer worm that masquerades as an appeal for aid after last month's Indian Ocean tsunami disaster.

The worm carries the subject line "Tsunami Donation! Please help!" and the text message "Please help us with your donation and view the attachment below! We need you!" The attachment, labeled "tsunami.exe," spreads the virus to other Internet users, according to security firm Sophos.

Running the attached file also launches a denial-of-service (DOS) attack against German hacking site www.hacksector.de, says Sophos Chief Technology Consultant Graham Cluley. The site appeared to be down Monday morning when Sophos researchers tried to access it, Cluley says.

"This could be a skirmish between two hacker groups," Cluley says.

New Trend

Sophos has received a small number of reports of the worm, VBSun-A, being found in the wild. It appears to be part of a new trend in Internet hoaxes that seek to take advantage of the tsunami tragedy, Cluley says.

Sophos, based in Abingdon, England, warned last week of a number of e-mail scams related to the tsunami, and similar to the seemingly ubiquitous Nigerian letter scams which seek money from their recipients.

"This is a healthy reminder that people need to be very careful of what they run on their computers," Cluley says, noting that he's seen an increase in hoaxes based on recent news events.

Still, 2005 has started as a relatively slow year for new Internet viruses, Cluley says. The most prevalent at the moment is Netsky.P, which was first discovered nine months ago, he says.