The W32/VBSun-A worm spreads via e-mail, tempting
innocent users into clicking onto its malicious attachment by
pretending to be information about how to donate to a tsunami
relief effort.
However, running the attached file will not only forward the
virus to other internet users but can also initiate a
denial-of-service attack against a German hacking website.
E-mails sent by the worm have the “Tsunami Donation! Please
help!” subject line, and the “Please help us with your donation and
view the attachment below! We need you!” message text. The
attachment’s name is “tsunami.exe”.
"Duping innocent users into believing that they may be helping
the tsunami disaster aid efforts shows hackers stooping to a new
low," said Graham Cluley, Sophos senior technology consultant.
"This gruesome insensitivity is a despicable ploy to get curious
computer users to run malicious code on their computers. Everyone
should be wary of unsolicited e-mail attachments," he said.
W32/VBSun-A is not the first virus to try and take advantage of
the tsunami disaster in an attempt to spread. The VBS/Geven-B worm
tried to spread a message earlier this month that the tsunami was
God's revenge on "people who did bad on Earth".
There have also been a number of e-mail scams distributed by
criminals posing as victims in an attempt to steal money.
Sophos said that so far there have only been a small number of
reports of the W32/VBSun-A worm.