pmf45, 01-17-2005, 12:49 PM
Tsunami disaster donation plea is really a virus.

Virus experts at Sophos have discovered a mass-mailing worm that poses as a plea for donations to help with the Indian Ocean tsunami disaster.

The W32/VBSun-A worm spreads via email, tempting innocent users into clicking onto its malicious attachment by pretending to be information about how to donate to a tsunami relief effort. However, running the attached file will not only forward the virus to other internet users but can also initiate a denial-of-service attack against a German hacking website.

Emails sent by the worm have the following characteristics:

Subject line:
Tsunami Donation! Please help!

Message text:
Please help us with your donation and view the attachment below! We need you!

Attachment name:
tsunami.exe

W32/VBSun-A is a simple mass-mailing worm written in Visual Basic. It attaches itself to emails with the following characteristics:

Subject line:
Tsunami Donation! Please help!

Message text:
Please help us with your donation and view the attachment below!
We need you!

Attachment name:
tsunami.exe

W32/VBSun-A will attempt to send itself to addresses found in the victim's Outlook address book.

W32/VBSun-A will drop the following files in the Windows folder:
crssr.exe
raz32.exe
tsunami.exe

The following registry entry will be created so that the worm is run when a user logs on to Windows:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CaptionMgr32

W32/VBSun-A will also attempt to carry out a DoS against www.hacksector.de.
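A mail-filter check built from the e-mail characteristics listed in the post, as an added example that is not part of the original post or Sophos's own tooling. The function names, the quarantine rule (attachment name plus at least one text match) and the sample message builder are assumptions made here.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the post, lower-cased for case-insensitive matching.
SUBJECT = "tsunami donation! please help!"
BODY_PHRASE = "please help us with your donation and view the attachment below"
ATTACHMENT = "tsunami.exe"


def match_vbsun_a(raw_message: bytes) -> dict:
    """Report which of the post's e-mail indicators a raw message matches."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    # policy.default decodes RFC 2047 encoded-words in the Subject header.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    # Collect the filename of every MIME part; containers yield "".
    names = [(part.get_filename() or "").strip().lower() for part in msg.walk()]
    body_part = msg.get_body(preferencelist=("plain", "html"))
    # Collapse whitespace so a wrapped or reflowed body still matches.
    body = " ".join(body_part.get_content().split()).lower() if body_part else ""
    hits = {
        "subject": subject == SUBJECT,
        "body": BODY_PHRASE in body,
        "attachment": ATTACHMENT in names,
    }
    # Assumed policy: the attachment name alone is weak evidence, so require
    # one of the two text indicators as well before quarantining.
    hits["quarantine"] = hits["attachment"] and (hits["subject"] or hits["body"])
    return hits


def build_sample(subject: str, body: str, filename: str) -> bytes:
    """Build a constructed test message; the attachment is placeholder bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "recipient@example.com"
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"constructed placeholder, not malware",
                     maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    sample = build_sample(
        "Tsunami Donation! Please help!",
        "Please help us with your donation and view the attachment below!\nWe need you!",
        "TSUNAMI.EXE")
    print(match_vbsun_a(sample))
```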