World Cup worms entice soccer fans

The World Cup continues to generate opportunities for malware creators to spread their work, experts warned yesterday.

The latest batch of headaches comes in the form of a new worm that arrives via an email that appears to be a CNN news story. The email entices users to open it with subject lines such as "Naked World Cup game set," "Soccer fans killed five teens," and "Crazy soccer fans."

Each email variant claims that the attached file is an interesting photo of the events, and encourages the recipient to open it. When run, the file tries to disable security software on the computer and spreads itself to other email addresses. 

"This worm exploits the public's interest in the World Cup to infect computer users. While some recipients might find nude football an attractive prospect, this is one worm you don't want to catch sight of, as you'll be playing straight into the hands of hackers," said Graham Cluley, senior technology consultant at Sophos. "It is very likely that more internet criminals will take advantage of users' football fever as the tournament heats up - people need to wise up to security threats, or risk scoring an own goal."  

The worms are just the latest in a string of World Cup-based malware taking advantage of soccer fever.

Named Sixem-A by Sophos and Delf.V by Kaspersky, the worm is still relatively rare. But it is definitely not the first time the bad guys have tried to take advantage of World Cup 2006 excitement.  

Just prior to this year's event, the Zasran-D worm was spread via emails offering game tickets, and a trojan was spread through a spammed message offering a free wall chart for the soccer tournament.

Research from McAfee said that fans of the Angolan national team are the most likely to be targeted by email-based scams. Fans of Brazil and Portugal are also heavily spammed.

Security firms have also warned that the World Cup is a drain on both bandwidth and employee productivity.
