Christmas emails have sting in their tail

Bah-humbug! Festive office workers have been warned to beware an emailed Christmas carol that contains a damaging internet worm.

Known as the I.worm.music, or W32/Music worm, it first emerged in September, only to resurface last week as a friendly Christmas email with a Christmas carol attached as a .exe file. It can potentially disrupt mail servers in the same way as this summer's notorious Lovebug.

Music worm carries the subject line 'Testing to send file' followed by one of two email messages greeting users and saying there's some music they'll like attached. It then copies itself to the Windows system directory using sysmcm.exe and registers in the auto-run registry. It can then download plug-ins from hostile websites to upgrade itself.

Although acknowledged as having the ability to spread itself quickly, experts said the worm is more of an irritant than a threat to corporate data, but added that it is a good example of why email users should be on their guard in the run-up to Christmas.

Denis Zenkin, head of corporate communications at antivirus vendor Kaspersky Labs, said: "We have rated it a potential epidemic, but this refers more to its ability to spread than the damage it causes. It is an annoyance rather than something which attacks data."

Other vendors said it is a timely reminder of how users should treat email attachments.

Eric Chien, chief researcher at Symantec, said: "This is a known worm for which fixes are available, but the chances of it spreading have been increased by this Christmas guise. Generally, the chances of worms spreading are more dependent on human factors than software.

"I'd tell people to treat attachments with the same degree of care as they would in answering a knock on their front door at 3am."

Network Associates said this is the second seasonal virus it has received reports about, but added that it has a low-risk rating because it has not been reported in the wild. However, users should expect more attacks in the run-up to Christmas.

Jack Clark, European product manager at Network Associates, warned: "We're already seeing more and more seasonal files being passed around, mostly as .exe attachments.

"It used to be the case where we warned: 'Don't open attachments from strangers'. Now, however, they can arrive from friends and colleagues. We'd advise users not to open .exe files - the jokes aren't worth the risks."