The Merkur worm, aka W32.HLLW.Merkur@mm arrives in email form with the subject "Update your Anti-virus Software" and has an attachment named "Taskman.exe".
The worm relies solely on the recipient being fooled into running the attachment to spread.
Like similar worms that have used "social engineering" to lure in unsuspecting victims, the Merkur worm sends itself to everyone in the victims' address book when it is opened.
The also worm deletes any multimedia files located in p2p file sharing directories. It targets share directories used by KaZaA, Bearshare and eDonkey software.
The "process" the worm uses to delete these files is named "Pr0n.bat". Pr0n is common hacker slang for "porn".
The Merkur worm then copies itself into the p2p share directories under many different names. One of the names is "Virtual Sex Simulator.exe", chosen to appear more appealing to other users on file sharing networks.
If this file is downloaded over the p2p network and then run the infection process starts on the new victim's computer.
It will also affect users of the chat program mIRC. The worm creates a script that attempts to send itself to other users in the same chat channel under the name "screensaver.exe".
Concerned users should update their antivirus definitions.
Is this the beginning of the MPAA's global war against P2P FSNs, or just supposed to look like it?