AV Vendors Warn of Clinton Worm

A new worm masquerading as a visual joke about Bill Clinton represents the latest social engineering attempt by virus writers to get users to commit an old mistake.

Payload damage is potentially serious, but horrible spelling errors make it unlikely that any but the least sophisticated users will be affected, antivirus vendors say.

The official name is the Caricature e-mail worm (W32/Caric-A), and Sophos advises that the virus is in the wild.

The subject line is "bill caricature" and the attachment is named "cari.scr."

One particularly insidious touch is text at the bottom of the message declaring that has failed to find a virus in the attachment. Unfortunately for the virus writer, the subtlety is blown by the virus writer's inability to spell: "No viruse [sic] found."

Users foolish enough to run the attachment anyway will see a cartoon of Bill Clinton playing a saxophone with a bra emerging from it. The worm will then forward itself to everyone in the victim's address book.

According to, the worm may attempt to wipe critical system files at certain times of day after a system restart.

"Fortunately, the terrible spelling in this worm's message will leave well-informed users in no doubt that this email is one to be avoided. Those practicing safe computing should not be caught out," says Chris Wraight, a technology consultant for Sophos Americas.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

comments powered by Disqus
Most   Popular