Advertisement
 
To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Australia.
--------------------------------------------------------------
Virus preys on World Cup ticket rush

By Munir Kotadia, ZDNet Australia
May 03, 2005
URL: http://www.zdnet.com.au/news/security/soa/Virus-preys-on-World-Cup-ticket-rush/0,130061744,139190329,00.htm


A variant of the Sober virus was discovered on Monday that attempts to fool people into executing its payload by pretending to be an e-mail from soccer world governing body FIFA offering free tickets to the 2006 World Cup in Germany.

The latest Sober worm, which operates in a similar fashion to others of its kind, uses various e-mail subject headers to try to entice people into opening its attachment. The virus then harvests e-mail addresses from the victim and directs a barrage of spam to those addresses. However, the worm avoids sending messages to companies involved in the anti-virus and security industry.

Anti-virus firm Trend Micro has highlighted the worm's use of social engineering to spread and rated it a "medium risk".

"This is a prime example of social engineering -- these games are very popular worldwide and even users who are savvy enough to suspect this e-mail is a fake, may take a risk and click on the attachment anyways in hopes of getting free tickets," said Jamz Yaneza, senior virus researcher at TrendLabs.

E-mail security specialist MX Logic has issued a statement warning that Sober is exploiting the fact that FIFA has kicked off the second phase of 2006 ticket sales to the cup on Monday -- the same day the variant was discovered.

"This is the latest in a very prolific family of mass-mailing worms... It demonstrates, once again, that worm authors are continually improving social engineering tactics, highlighting the need for businesses and consumers to remain constantly vigilant against the ever changing tactics of worm authors," said Scott Chasin, chief technology officer at MX Logic.

Antivirus firm McAfee has given the worm a "medium" risk rating for home PC users. Craig Schmugar, virus research manager for McAfee Avert, said the multi-lingual abilities of the worm are helping it spread.

"The social engineering has been very effective... They will use German messages for German Windows users. They tell them they've won tickets to the World Cup, and that has been an effective (ploy) for that region," said Schmugar.

CNET News.com's Dawn Kawamoto contributed to this report

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.