Worm poses as tsunami relief fund email

A worm has been discovered that poses as an email about relief funds being collected for tsunami victims.

Known as WORM_ZAR.A, internet content security company Trend Micro has warned that opening the EXE attachment can initiate denial-of-service (DoS) attacks on a German hacker website.

If the attachment is opened it also emails itself to all the contacts in the user's outlook address book and automatically activates each time the infected computers are started, according to a statement from Trend Micro.

Ben Guthrie, product marketing manager for Trend Micro Australia, said that it has also seen examples of phishing following the tsunami tragedy.

Guthrie said that the worm was currently considered a reasonably low threat, and they hadn't seen it in great quantities. He pointed to similar worms and exploits that had surfaced around the time of the World Cup, and also after September 11.

"Viruses exploit every major international event, such as the September 11 tragedy or the World Cup and a number of phishing cases have surfaced since the tsunami disaster in South Asia," according to a statement from Trend Micro.

"The WORM_ZAR.A takes advantage of the public's compassion to not only propagate, but also indirectly attack other websites. The text of the email, stating 'Please help us with your donation and view the attachment below! We need you!' is very simple, yet is enough to lure victims into opening the attachment. The virus author is obviously using the tsunami disaster as a cover to initiate a DoS attack to interrupt and even paralyse the specified website."