Worm Plays On Rumours Of Romance Between Brad Pitt And Angelina Jolie
Experts at SophosLabs, Sophos’s global network of virus and spam analysis centres, have discovered a worm which plays upon the public’s interest in movie stars Brad Pitt and Angelina Jolie, as well as celebrities such as Britney Spears, Pamela Anderson and Paris Hilton.
The Ahker-F worm (W32/Ahker-F) spreads via email using messages such as: “Watch Angelina Jolie and Brad Pitt cought on TAPE! SEXY CLIP! WATCH IT!”
Sophos believes the worm’s author (who calls himself ‘Agent Hacker’) is capitalising on media interest in Brad Pitt and Angelina Jolie’s possible friendship. There has been speculation that the film stars’ relationship may have contributed to the recent breakdown of Pitt’s marriage with ex-Friends’ actress Jennifer Aniston.
If the attached file, Clip.zip, is opened and executed the worm will attempt to spread to other email users.
“People’s appetite for salacious gossip is insatiable, and some may be tempted to run what appear to be pornographic movie files distributed across the internet,” said Graham Cluley, senior technology consultant for Sophos. “However, virus writers have a long history of disguising their malicious code as this kind of content. Everyone should be very careful about what they choose to run on their computer.”
“If people want to read and look at this kind of stuff they may be better off picking up a copy of their favourite magazine, rather than using their PC,” continued Cluley.
As well as spreading via email, the worm attempts to spread via file-sharing networks using a variety of lewd sounding filenames such as PORNO.exe, XXX.exe, Naked WWE Divas.exe, Naked Britney.exe, Naked Celebrity.exe, and Celeb uncensord.exe. It also attempts to launch a distributed denial of service attack against Microsoft’s security update website used by millions of computer users around the world. Additionally, the Ahker-F worm attempts to disable security-related software on Windows computers and block access to anti-virus websites.
Curiously, the virus writer has embedded a number of secret messages inside his code including: “Agent Hacker rules!” and “Genes don’t contain any record of humain history, you’ll NEVER catch me!(Agent Hacker – Bazzi”.
Although there have only been a small number of reports of the worm, Sophos recommends computer users ensure their anti-virus software is up-to-date, and that companies protect themselves with a consolidated solution which can defend them from the threats of both spam and viruses.
Further information about Ahker-F is available at: