CNET también está disponible en español.

Ir a español

Don't show this again

Christmas Gift Guide
Security

Naked pinups revealed as virus

Worm disguised as photos of glamour models aims to swamp Chechen separatist Web sites.

An antivirus vendor is warning people to be on the lookout for a worm disguised as nude glamour pinups, though the virus's threat level is very low.

The Maslan worm appears to be politically motivated, with infected machines intended to launch a denial-of-service attack against Web sites run by Chechen separatist supporters, antivirus firm Sophos said in an advisory Thursday.

According to Symantec, W32.Maslan.C@mm is a mass-mailing worm that opens a back door and exploits system vulnerabilities on a compromised computer. The worm also steals passwords using a keylogger. In addition, it attempts to attack a series of firewalls and antivirus settings on an infected machine.

The virus controls which e-mail addresses it spreads to, avoiding most Web mail addresses and any others that may report to antivirus or filtering companies, apparently a crude attempt to avoid detection. Panda, Sophos and Symantec have all been blacklisted by the worm, along with words such as "abuse," "privacy" and "spam," which, if they appear an e-mail address, may be an indication of an address used to report unsolicited or malicious mail.

Currently, the e-mail spreading in the wild has the subject line "123" or "12345" and an attached file called "Playgirls2.exe" or "Playgirls_2.exe," security companies said.

Sophos said the virus is timed on the first day of each month to attempt to launch a denial-of-service attack intended to swamp the targeted Web sites with Internet traffic.

Will Sturgeon of Silicon.com reported from London.