UK Edition

VIRUS EXPLOITS LONDON TUBE BOMBS
BBC News
July 11, 2005

http://news.bbc.co.uk/1/hi/technology/4671111.stm

Virus writers are using the London bombings to spread malicious programs.

A Windows virus has been created that claims to link to amateur video footage of the aftermath of one of the bombs on the London Underground.

Anyone following the link in the e-mail will have their computer infected by a program that puts it under the remote control of the virus creator.

The virus tries to look more legitimate by posing as a newsletter from U.S. news organization CNN.

VIDEO GRAB

The virus is travelling in an e-mail which bears the subject line: "TERROR HITS LONDON" and comes from a spoofed e-mail address.

The body of the message tells those receiving it to click on the attached file which claims to show amateur video footage shot in the London Underground immediately after one of the bombs went off.

A file called "London terror moovie.avi" is attached to the malicious e-mail. Hidden after a long series of blank spaces is the real title of the file that is attached.

An attempt has been made to make this look harmless by giving it the name: "Checked by Norton Antivirus.exe".

Anyone clicking on the file will not be shown a video. Instead their PC will be infected by the as yet un-named Trojan.

Next time the compromised machine is started, it will report in to the virus creator and become part of a spam-sending zombie network.

Because it relies on people clicking on the attachment, the malicious program can affect Windows 2000, 95, 98, Me, NT, XP and Windows Server 2003.

Although the program is not widely distributed, security companies asked people to be vigilant and update their anti-virus software regularly.