Playboy Virus Dropping Dangerous Backdoor

The mass-mailing worm promises naked photos of Playboy models, but experts warn that it drops a backdoor capable of terminating the processes of anti-virus applications.

Anti-virus vendors have raised the alarm for a new mass-mailing worm with a dangerous backdoor component.

The worm, called W32.Maslan.C@mm, arrives as an attachment promising naked photos of Playboy models but, if executed, drops an IRC (Inter Relay Chat) bot capable of transmitting passwords and sensitive information back to the virus writer.

According to an alert from McAfee, the backdoor is powerful enough to terminate the processes of various anti-virus security applications.

The worm also spreads itself via poorly secured network shares and weak passwords and takes advantage of two known exploits—LSASS and RPC-DCOM—affecting Microsoft Windows users. Patches for both exploits have been available for some time, but unpatched machines are vulnerable to worm infection.

According to Sophos, Maslan-C copies itself to the Windows system folder and creates a number of other files on the computer which make up the components of the worm.

It constructs messages using its own SMTP engine and harvests target e-mail addresses from the victims machine. The worm uses several masking techniques including spoofed sender addresses and has been programmed to monitor Internet Explorer browser sessions to capture data relating to various financial sites.

An advisory from Symantec rates the risk as low, but distribution remains high.

The use of naked celebrity images as a virus infection tactic is nothing new. In the past, virus writers have attached the names of celebrities such as Anna Kournikova, Britney Spears and Halle Berry to mass-mailing worms.


Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.