The second tsunami worm in a week heralds a new low in virus writing, experts say. VBSun-A appears in emails that appeal for donations to help victims of last month’s Asian tsunami.
When the user opens an attachment the virus spreads itself and simultaneously launches a DDoS attack on German hacking website "Hacksector". Currently the website is still inoperable.
"It could be related to rival virus writing gangs," said Graham Cluley, senior technology consultant at anti-virus firm Sophos. "But this is really scraping the barrel, it's very low."
VBSun-A is not the first time tragedies have been used to spread malicious code. Last week the largely unsuccessful VBS.Geven.b praised the effects of the tsunami in order to make angry recipients click on attachments.
"After September 11 we saw this sort of thing," said Cluley. "I'm sure we'll see it again."
News of the worm follows SC reports that scammers are trying to cash in on other people's kindness by pointing unwary users to fake charity websites. The gangs behind the fraud pocket the money themselves instead of helping victims of the tragedy.
One criminal making profit out of tsunami scams has already been caught by the FBI. Matthew Schmieder, 24, was released on bail having been arrested last week for sending emails claiming to be from an aid organisation.
Schmieder received only $150 in his PayPal account before the Feds moved in.