9/11 virus, aka W32.Neroma@mm

05 September 2003

First 9/11 virus discovered

Antivirus researchers late Wednesday discovered what is being described as the first of potentially many "9/11" anniversary viruses spreading on the Internet.

While it's too early to tell what, if any, damage the new virus is causing, Eric Kwon, president and CEO of San Jose-based Hauri, the company that discovered the virus, said its impact seems to be similar to that caused by the recent outbreak of the Sobig worm, which overloaded email servers with large volumes of spam.

The 9/11 virus contains the headline "It's Near 911" or a similar variation, as well as an attachment labelled "911.jpg." Users should not open the email or the attached file.

"Like previous worm viruses, the 9/11 virus collects email lists from Microsoft Outlook in order to spread more rapidly, using the provocative headline about 9/11 to get the unsuspecting user to open the email," said Kwon. "In this case, there also appears to be an intention of causing fear, as well as a possible political motivation."

Many virus experts have been expecting an outbreak of some kind of specific 9/11 virus or worm, and this may be just the first of many to appear in the wild during the next two weeks, added Kwon.

Antivirus company Symantec also identified the virus, which it called W32.Neroma@mm, on its website, saying it is a "mass-mailing worm that attempts to use Microsoft Outlook to e-mail itself to all the contacts in the Windows Address Book."


Source: ComputerWorld