A new computer worm attempts to spread by taking advantage of concerns over the killer flu-like virus, SARS. Known as Coronex-A, the mass-mailer worm forwards itself to all contacts in Outlook address books and attempts to dupe computer users into opening infectious attachments by claiming they offer details on the current SARS epidemic. Coronex is a Windows-only worm whose spread, thus far, has been minimal.
The Coronex worm uses a variety of subject lines, message bodies and attachment names to entice users into double-clicking including: "Severe Acute Respiratory Syndrome", "SARS Virus" and Hongkong.exe. "The worm has been deliberately coded to exploit the public"s genuine concern about SARS, and is just a further demonstration of the ways that virus writers attempt to use psychological trickery to spread their creations," said Graham Cluley, senior technology consultant for Sophos Anti-Virus.
Cluley believes it is important for AV vendors to avoid using "the SARS virus" moniker for the malicious code in order to reduce the possibility of confusion and panic over the virus. As usual, users are advised to update their anti-virus protection as a precaution against infection. In corporate environments, firms should consider blocking executable files at the gateway. There"s little legitimate reason to send executables or screensavers via email but these routes of distribution are frequently used by virus writers.