According to antivirus company Sophos, the VBS/Chick-F virus arrives via e-mail as a compressed HTML file that carries the subject "RE: Korea Japan Results." Once the attachment is executed, the text "Enable activeX To See Korea Japan results" is displayed.
If ActiveX is enabled, the virus will search a user's C:, D: and E: drives for an Internet Relay Chat (IRC) executable file. Once located, the virus is copied onto the C: drive as "koreajapan.chm" and propagates itself to people who are on the same IRC channel. The virus will then send an e-mail to the first entry in the person's Microsoft Outlook address book with the same subject line.
"Whoever wrote this virus is aiming to exploit soccer fans hungry forabout their team's progress," said Graham Culley, senior technology consultant at Sophos.
So far the company hasn't received reports of an infection, but it said that the virus was detected after Sophos fielded several queries from customers. "They've been contacting our support center in the (United Kingdom) since Thursday," said Charles Cousins, Sophos Asia's managing director.
Sophos was unable to detect the origins of the virus and said it wasn't circulating "in the wild."
In May, Sophos warned companies to be wary of security threats during the World Cup, as fans might unwittingly download infected programs while scouring the Web for soccer-related screensavers, spreadsheets and electronic wall charts.
CNETAsia's Fran Foo reported from Singapore.