Johannesburg, 21 Jul 2003
NetXactics, southern African distributor for Sophos Anti-Virus, has reported that the new Gruel worm (W32/Gruel-D), the latest in a number of variants of the worm - which poses as a critical security patch from Microsoft - actually attempts to launch a double-edged attack on the Windows operating system.
In addition to attacking the Windows installation, the worm displays a message abusing the Microsoft operating system.
The worm, which arrives with the e-mail subject line `Microsoft Windows Critical Update`, claims to include patches for the latest security vulnerabilities. However, if the attached file is opened, a fake message box can appear berating the Windows operating system in a lengthy tirade. Insults include: "Windows sucks...Windows has always sucked...It`s a scam and Capitalism Sucks! Communism Sucks."
"Judging by his lengthy rant, the author of Gruel seems to either have taken one conspiracy pill too many or has the most enormous chip on his shoulder," said Brett Myroff, CEO of NetXactics. "Gruel is the latest in a line of viruses to have pretended to have come from Microsoft, in an attempt to trick unsuspecting users into running them. But it goes one step further by displaying a scathing attack on the Windows operating system claiming it is a scam to fleece computer owners.
"Patching computers against critical vulnerabilities makes sense - but patches should be downloaded directly from the vendor`s Web site, rather than from an unsolicited e-mail," continued Myroff.
When executed, the Gruel worm sends itself to all the user`s e-mail contacts, disables many Windows features - including task manager, logoff, shutdown, lock computer and change password - and also deletes many files in the Windows system folder.
The arrival of the Gruel worm coincides with genuine announcements from Microsoft of several serious new security flaws found in its operating systems software.
Sophos reminds users to be wary of unsolicited files and that Microsoft never distributes security patches via e-mail. To update systems against Microsoft flaws, users and system administrators should visit the relevant area of Microsoft`s Web site at http://www.microsoft.com/security.
For more information about the Gruel worm and to see the lengthy anti-Windows rant in full, please visit: www.sophos.com/virusinfo/analyses/w32grueld.html
Share