A new variant of the Leave worm is doing the rounds in the guise of a Microsoft security bulletin, according to antivirus experts.
The worm first appeared last month as a self-propagating virus that infected machines already made vulnerable by the SubSeven Trojan horse. Among other things, it synchronises an infected computer's clock with that of the US Naval Observatory.
According to reports, the newest version of the virus, Leave B, features more sophisticated programming, including stronger encryption and packing techniques. Because of the clock synchronisation feature, the most likely intention is for infected machines to be used as zombies in a distributed denial of service attack.
According to antivirus researchers, the worm is contracted through a security bulletin falsely claiming to be from Microsoft. The message arrives with the heading 'Microsoft Security Bulletin MS01-037' and includes a fake warning about a vulnerability in Windows.
The author has used the standard Microsoft security bulletin template to make the forgery more believable. A link to download a patch is also included in the email, which is where the vandal came unstuck. The link followed the format http://microsoft.com@ followed by a string of numbers and the filename, cvr58-ms.exe, which was actually the virus.
But any sharp-eyed user would have spotted that the string of numbers represents an IP address. With microsoft.com placed before the @ symbol, a web browser interprets that word as a user name, which a public website simply accepts, and connects to the IP address after the @ instead. The tactic is quite commonly used to fool people into thinking they are on a different site.
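A mail filter or proxy can catch this pattern mechanically. The following is an added example, not part of the original article: it flags links whose user-name part looks like a domain and whose real host is a bare IPv4 address, including the single-integer form that browsers also resolve. The address 192.0.2.10 is a constructed documentation address, and the function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# A user-name field that looks like a hostname is the visual lure.
DOMAIN_LIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)


def numeric_host(host):
    """Return the dotted-quad form if host is an IPv4 literal, else None.

    Accepts dotted notation and the single-integer ("dword") form.
    """
    try:
        if host.isdigit():
            return str(ipaddress.IPv4Address(int(host)))
        return str(ipaddress.IPv4Address(host))
    except ValueError:
        return None


def inspect_link(url):
    """Report what a link appears to point at versus where it really goes."""
    parts = urlsplit(url)
    user = parts.username or ""
    host = parts.hostname or ""
    findings = []
    if "@" in parts.netloc:
        findings.append("userinfo-present")
        if DOMAIN_LIKE.match(user):
            findings.append("userinfo-looks-like-domain")
    ip = numeric_host(host)
    if ip:
        findings.append("numeric-host")
    return {"displayed_as": user or host, "real_host": ip or host,
            "findings": findings}


# Constructed sample links; only the filename comes from the article.
SAMPLES = [
    "http://microsoft.com@192.0.2.10/cvr58-ms.exe",
    "http://microsoft.com@3221225994/cvr58-ms.exe",  # same address as an integer
    "https://www.microsoft.com/security/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", inspect_link(link))
```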
Over 10,000 machines have been reported as infected with the original Leave worm but there have so far been few reports of Leave B in the wild. Although the intentions of the virus writer are unclear, the occurrence of hacker gathering DefCon in Vegas this week is sparking many a paranoid rumour.
A majority of antivirus firms have released signature updates to tackle Leave B, which are available from the relevant websites.