'Deadcode' virus attempts political mischief

by Robert Jaques

16 Feb 2005

Security experts today warned users to be on their guard against the newly discovered Deadcode-A virus which infects executable files on compromised computers and displays a political message when launched.

The text of the message, which reads 'BlackHand.w32 Long Live Great Serbia', is believed to refer to a nationalist slogan used by Serbian Radical Party politician Tomislav Nicolic to finish his speeches.

According to security firm Sophos, a group of Serbian nationalists calling themselves Crna Ruka ('Black Hand') defaced a number of Croatian and Albanian websites in the late 1990s with the message 'Long Live Great Serbia'.

The hackers took their name from a Serbian nationalist group active at the beginning of the 20th century, one of whose members assassinated Archduke Franz Ferdinand in Sarajevo, triggering the series of events which led to the outbreak of the First World War in 1914.

"Whether the Deadcode virus is written by the same Black Hand hacking gang which attacked websites in the late 1990s is uncertain, but it's quite possible that this virus is written by a 'copycat' who is sympathetic with the Serbian nationalist cause," said Graham Cluley, senior technology consultant at Sophos.

"However, there is a long history of innocent users being infected by viruses which have attempted to spread political messages. Everyone should ensure that their defences are kept updated."

It appears that the virus writer wanted his creation to be called 'BlackHand', but Sophos researchers have instead chosen the name 'Deadcode' for the virus.

"Generally the experts in our laboratories don't like to use the same name that the virus writer may have wanted for his malware," explained Cluley.

"After all, why should we feed their egos by using the name they've embedded in their malicious code?"

Other viruses which have spread a political message include the recent Mirsa-A, which spread a message allegedly in support of the Fathers 4 Justice campaign, Maslan-C, which launched a series of denial-of-service attacks on websites run by Chechen rebel separatists, and Cycle-A, which complained about the quality of life in Iran.
