Sophos discovers hooting virus
By Staff Writers, CRN 12 May 2006 10:47 AEST Security
Anti-virus vendor Sophos has discovered a worm that attempts to send a photograph of an owl to attached network printers.
The W32/Hoots-A worm is written in Visual Basic, spreading via network shares. When it infects a computer it attempts to send a graphical image of an owl with the legend "O RLY?" to a number of predefined print queues.
The phrase "O RLY?" is internet slang for "Oh really?", and is often accompanied by a picture of a snowy white owl.
Graham Cluley, senior technology consultant for Sophos said this wasn’t the work of a professional virus writer.
“Most malware authors these days encrypt their executables with packers in an attempt to make them harder to detect, this one does not. It is also written in Visual Basic, which is unusual for a virus today,” he said.
However the worm was hard-coded within and targets a specific network path to almost 40 different printers.
"It appears this malware was written for a specific organisation, by someone who had inside knowledge of their IT infrastructure," said Cluley.
By Staff Writers, CRN 12 May 2006 10:47 AEST Security
Anti-virus vendor Sophos has discovered a worm that attempts to send a photograph of an owl to attached network printers.
The W32/Hoots-A worm is written in Visual Basic, spreading via network shares. When it infects a computer it attempts to send a graphical image of an owl with the legend "O RLY?" to a number of predefined print queues.
The phrase "O RLY?" is internet slang for "Oh really?", and is often accompanied by a picture of a snowy white owl.
Graham Cluley, senior technology consultant for Sophos said this wasn’t the work of a professional virus writer.
“Most malware authors these days encrypt their executables with packers in an attempt to make them harder to detect, this one does not. It is also written in Visual Basic, which is unusual for a virus today,” he said.
However the worm was hard-coded within and targets a specific network path to almost 40 different printers.
"It appears this malware was written for a specific organisation, by someone who had inside knowledge of their IT infrastructure," said Cluley.