However, the e-mails actually contain a new worm called Ganda. The worm, which is thought to originate from Sweden, is in the wild, and travels in an e-mail with a variety of subject lines and body text, all intended to trick recipients into running the virus-ridden attachment.
Jack Clark, product manager at McAfee, said: "We're keen to stress that we still have this virus as a low risk at the moment. But it does show how far some virus writers are prepared to go to get attention."
Again this latest virus scare reveals a continuing trend of social engineering--the practice of picking a particularly topical event, subject or figure and using it as a hook to tempt computer users into launching a virus.
The most common ploy involves offering candid shots of popular celebrities, as seen with the recent Catherine Zeta Jones worm. Clark describes this as a "go for the loins" approach, but in wartime such a practice can become more sinister.
With the Iraqi conflict likely to be the largest international skirmish since the widespread adoption of e-mail in offices and homes worldwide, social engineering is likely to play an even greater part in the spread of similar viruses.
Clark said: "Virus writes will use any occasion that they think will work on computer users, no matter how sick--be it the attack on the World Trade Center or the war with Iraq. They are just looking for attention and will use anything that will guarantee them media attention."
Clark believes there will be a lot more viruses launched in e-mails related to the war in Iraq. "This isn't going to be the last," he said. "Virus writers will play upon people's curiosity for information about the war. Virus writers aren't particularly clever.
Once they are presented with a successful method of getting people to launch viruses they will adopt it for themselves."
Once activated Ganda behaves much like any other self-propagating worm. It will e-mail itself to addresses in the infected machine's Outlook e-mail address book. It also scans the machine looking for security applications--such as McAfee, Norton or Sophos anti-virus products--and will then shut them down.
Clark advises anybody to treat e-mails purporting to be about the war in Iraq with suspicion and again, only open e-mails when you can vouch for the source.
He added: "The good thing is that this virus hasn't had much of an impact, but it has alerted people to the potential dangers of war-related e-mails."
