World Cup worms entice soccer fans

Share this article:

The World Cup continues to generate opportunities for malware creators to spread their work, experts warned yesterday.

The latest batch of headaches comes in the form of a new worm that arrives via email that appears to be from the CNN news story. The email entices users to open it with subject lines such as "Naked World Cup game set," "Soccer fans killed five teens," and "Crazy soccer fans." 

Each email variant claims that the attached file is an interesting photo of the events, and encourages the recipient to open it. When run, the file tries to disable security software on the computer and spreads itself to other email addresses. 

"This worm exploits the public's interest in the World Cup to infect computer users. While some recipients might find nude football an attractive prospect, this is one worm you don't want to catch sight of, as you'll be playing straight into the hands of hackers," said Graham Cluley, senior technology consultant at Sophos. "It is very likely that more internet criminals will take advantage of users' football fever as the tournament heats up - people need to wise up to security threats, or risk scoring an own goal."  

The worms are just the latest in a string of World Cup-based malware taking advantage of soccer fever.

Named Sixem-A by Sophos and Delf.V by Kaspersky, the worm is still relatively rare. But it is definitely not the first time the bad guys have tried to take advantage of World Cup 2006 excitement.  

Just prior to this year’s event, the Zasran-D worm was spread via emails offering game tickets and a trojan was spread through a spammed message offering a free wall chart for the soccer tournament.

Research from McAfee said that fans of the Angolan national team are the most likely to be targeted by email-based scams. Fans of Brazil and Portugal are also heavily spammed.

Security firms have also warned that the World Cup is both a drain on bandwidth and employee productivity

Share this article:

Next Article in News

Sign up to our newsletters

More in News

In Cisco probe, misuse or compromise spotted on all firms' networks

In Cisco probe, misuse or compromise spotted on ...

Cisco analyzed the business networks of 30 multinational companies last year, and revealed the findings in its 2014 Annual Security Report.

Fareit trojan observed spreading Necurs, Zbot and CryptoLocker

The Necurs and Zbot trojans, as well as CryptoLocker ransomware, has been observed by researchers as being spread through another trojan, known as Fareit.

Post Heartbleed, tech giants join initiative to bolster open source

Post Heartbleed, tech giants join initiative to bolster ...

The newly formed Core Infrastructure Initiative, created to boost under-funded open source projects, will tackle OpenSSL first.