A sixth variant of the Akher worm, presenting itself as offering “adult” images of actors Brad Pitt and Angelina Jolie, features a payload reported to have Microsoft Windows Update as a denial-of-service target, according to reports late March 31.
Called Akher-F, the worm comes in an attachment labeled Clip.zip in e-mails headed “Watch Angelina Jolie and Brad Pitt cought [sic] on TAPE! SEXY CLIP! WATCH IT!”, according to tech news site vunet.com.
The worm also copies itself onto a user’s hard drive if the attachment is opened, trying to shut down antivirus software on the machine and spread itself through e-mail, Internet Relay Chat, and peer-to-peer systems, vunet.com added.
Sophos senior technology consultant Graham Cluley said that the new bug tries to take advantage of people’s appetite for salacious gossip, even though exploiting that is an old trick.
“[S]ome may be tempted to run what appear to be pornographic movie files distributed across the Internet,” he said. “However, virus writers have a long history of disguising their malicious code as this kind of content. Everyone should be very careful about what they choose to run on their computer.”
Akher-F is believed to be the work of a virus writer known as Agent Hacker, who is also believed to have written the previous five versions of the worm. Akher-F includes a message for antivirus vendors, according to Sophos: "Agent Hacker rules!" and "Genes don't contain any record of humain [sic] history, you'll NEVER catch me! (Agent Hacker - Bazzi.)”
