Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

Worm uses Mario to bait victims.

Sophos : 30 July, 2007  (Technical Article)
Mario Brothers nostalgia snares victims into running Romario-A work which then runs daily on host computer.
IT security and control firm Sophos is warning of a new mass-mailing worm that is capitalising on users' enthusiasm for Nintendo's iconic character, Mario. Once they open the email, recipients are requested to click on an attachment that promises to run one of the classic Super Mario Bros games.

The infected emails actually contain the Romario-A worm, which in addition to launching a game starring the portly Italian plumber, also attempts to infect other unprotected computers via mass-mailing itself as a file attachment, as well as spreading via removable shared drives.

Sophos experts note that Romario-A aims to cause maximum impact by scheduling a daily task to ensure the worm runs regularly at a specified time.

'Fraudsters are constantly innovating to find new ways of tapping into users' psyches to tempt them into clicking on infected links and attachments,' said Graham Cluley, senior technology consultant at Sophos. 'Nintendo's resurgence in the games market with the Wii console and Mario's global retro appeal are factors playing directly into the hands of cybercrimals keen to dupe users. This kind of attack is particularly stealth-like because nostalgic gamers can actually play the game once they click, giving them no reason to suspect that something more sinister is lurking beneath.'

Romario-A is the latest in a series of malware that purports to be computer games or to actually run real games. This trick has been employed many times in the past by malware authors, notably, the W32/Bagle-U worm, which attempts to start the Microsoft Hearts game, the W32/Coconut-A virus, which urged infected users to throw coconuts at pictures of a computer security expert and the Troj/Gonori-A Trojan, which plays Minesweeper when run.

The worm is also set to run when files with extensions of BAT, COM, PIF and SCR are opened or launched.

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo