Copyright 2001

[ September 4th 2001 ]

Kaspersky Laboratories, an international data-security software developer, have announced today the detection of the Internet worm "Lara": the first malicious program that spreads in Desktop Themes files. At the moment, Kaspersky Lab has received two reports of infections by this worm.

"Lara" spreads exclusively via Internet Relay Chat (IRC), transferring the "LaraCroft.theme" worm-carrying file to remote computers. The file name is presented to users in a deceitful way, masking itself as a Windows desktop decorating application according to the "Tomb Raider" theme.

Upon starting the infected file, "Lara" scans the available disks, searching for the location IRC-related programs (mIRC client), and modifies their system files. As a result, the worm sends out its copies to all users connected to the same IRC-channel as the infected computer.

The malicious program contains no other payload. "We classify 'Lara' most likely as being a proof-of-concept malicious code. The ease with which it is detected and deleted, coupled with the relatively low popularity of the IRC-channels, means that there is not any possibility of a global epidemic happening," assessed Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Lab.

Defence procedures thwarting "Lara" have already been added to the daily Kaspersky Anti-Virus database updates. For a more detailed description of this Internet worm, visit the Kaspersky Virus Encyclopaedia at

Copyright (c) 2000 - 2024 is not owned or operated by CDE Entertainment Ltd.
Lara Croft and Tomb Raider are trademarks of CDE Entertainment Ltd.
Materials in this web site are trademarked and copyrighted properties of their respective owners.