New "WTC" virus warning


Security experts have issued a warning about a dangerous new e-mail virus that exploits the issues behind the recent terrorist attacks against the US and the political fallout between Muslims and non-Muslims.

Officials at antivirus vendor Trend Micro said companies should be on the lookout for the "WTC.exe" virus, which arrives via an e-mail attachment and carries malicious code that reformats the recipient PC's hard drive, deletes files and attempts to eliminate the system's antivirus protection software.

The virus comes almost two weeks after the 11 September terrorist attacks against the World Trade Centre (WTC) and the Pentagon, and preys on individuals' natural curiosity about the attacks.

The subject line of the e-mail carrying the virus reads: "FW: Peace between America and Islam". The body of the message reads: "Hi, Is it a war against America or Islam. Let's Vote to live in peace".

The attacks on the World Trade Centre and the Pentagon have been linked to Osama bin Laden, who has declared a jihad - or Islamic holy war - against the US. Since then, Muslim-American religious leaders and other political leaders, including President George W Bush, have emphasised that bin Laden and his extremist terrorist organisation do not represent the beliefs of Islam or of the Muslim world in general.

According to Trend Micro spokeswoman Susan Orbuch, "the timely social engineering of this virus leads us to believe that it has a high likelihood of spreading. Corporations should be using content filters to block executables at the gateway so users don't even have a chance to open these things."
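The gateway filtering recommended above can be sketched as follows. This is an added example, not code from the article or from Trend Micro; the extension list, function names and sample messages are assumptions constructed for illustration, and the attachment bytes are harmless placeholders.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed block list for illustration; a real gateway policy would be broader.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".vbs"}


def blocked_attachments(raw_message):
    """Return (filename, reason) for every MIME part the gateway should stop."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").strip()
        # An unnamed text part is the message body, not an attachment.
        if part.get_content_maintype() == "text" and not name:
            continue
        payload = part.get_payload(decode=True) or b""
        # Use the last extension so "report.txt.exe" is still caught.
        dot = name.rfind(".")
        ext = name[dot:].lower() if dot != -1 else ""
        if ext in BLOCKED_EXTENSIONS:
            findings.append((name, "blocked extension " + ext))
        elif payload[:2] == b"MZ":
            # DOS/Windows executables begin with "MZ" whatever the file is called.
            findings.append((name or "<unnamed>", "executable header"))
    return findings


def build_sample(filename, content):
    """Build a constructed test message carrying one attachment."""
    msg = EmailMessage()
    msg["Subject"] = "FW: Peace between America and Islam"
    msg.set_content("Hi, Is it a war against America or Islam. Let's Vote to live in peace")
    msg.add_attachment(content, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    placeholder = b"MZ" + b"\x00" * 16  # constructed bytes, not a real program
    for fname, data in [("WTC.exe", placeholder),
                        ("vote.jpg", placeholder),
                        ("notes.txt", b"plain notes")]:
        print(fname, blocked_attachments(build_sample(fname, data)))
```

Checking the leading bytes as well as the extension means an executable renamed to look like an image is still stopped before it reaches a mailbox.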

The name of the virus is TROJ_VOTE.A. Preliminary analysis by Trend Micro indicates that it was created using Visual Basic 5 and uses the Microsoft Outlook address book to propagate. The virus not only reformats the user's hard drive, but also deletes certain AV files, installs a file called Zacker.vbs, modifies the Internet Explorer start-up page and modifies the user's autoexec.bat file to include a command to reformat drive C.

Jack Danahy, senior vice-president of server security at WatchGuard Technologies, said the new virus is similar to the "I Love You" virus because it first sends a copy of itself to everybody in the recipient's e-mail address book.
