Virus writers resort to gorilla tactics

Monkey business hides Wurmark-k payload

Robert Jaques, vnunet.com 10 May 2005

A newly discovered email worm, dubbed Wurmark-K, displays a picture of an albino gorilla as it infects compromised PCs.

Security experts said today that emails carrying the virus as an attachment have a variety of characteristics including subject lines: 'Hehehe LOL!!' and 'Your Photo Is On A Webpage!!'.

IT security firm Sophos warned that opening the attached Zip file and launching the files contained inside will infect the PC with the worm and display a graphic of an albino gorilla. This graphic can be viewed here.

As the image is being displayed, Wurmark-K installs the Rbot-ABK network worm and backdoor Trojan. This malicious worm can allow hackers to break into infected computers to steal information from the unsuspecting user or plant other malicious code.

"This worm is no laughing matter. Its intention is to hand over control of your PC to remote hackers," said Graham Cluley, senior technology consultant at Sophos.

"Unless computer users properly defend themselves with up-to-date antivirus software, firewalls and security patches they run the risk of having their PCs exploited and their bank accounts emptied."

Cluley believes that the Wurmark-K and Rbot-ABK worms are evidence of a growing trend of malware spying on innocent home computer owners and poorly-protected businesses.

"Organised criminals are involved in virus writing at a greater level than ever before. They are becoming more aggressive in their attempts to find new computers to infect and control," he said.

"If you attach a new, unpatched and unprotected computer to the internet, it can easily be under the control of hackers within a matter of minutes."

More information on Wurmark-K and Rbot-ABK is available here.

See also: