Mass mailing worm infects Mario

Mike Bantick
Tuesday, 31 July 2007 07:55

Your IT - Home IT

While you are plundering platforms with the plucky plumber watch out! Mario has worms.

Security firm Sophos reports that a mass mailing email worm is doing the rounds carrying the W32/Romario-A variant.

As is always the case with these security alerts, the email plays off the recent popularity of Nintendo gaming platforms the Wii and DS.  The attempt is to socially engineer the reader into clicking on a link to play a classic Mario game.

Once clicked the link does indeed launch a game containing the moustachioed, pint-sized, overall lover.

But, in the background more sinister code is at work as the worm is installed. 

The worm will attempt to infect other unprotected computers by mass mailing copies of it.

According to the report, the worm will schedule itself to run each day.  It is also set to run when files with extensions of BAT, COM, PIF and SCR are opened or launched

It is not the first time virus authors have tried the ‘click to play a game’ trick – Sophos notes previous examples; the W32/Bagle-U worm attempts to start the Microsoft Hearts game, the W32/Coconut-A virus starts a Coconut game and the Troj/Gonori-A Trojan plays Minesweeper when run.