LARA CROFT THREATENS
Copyright 2001 www.tombraiderchronicles.com
[ September 4th 2001 ]
Laboratories, an international data-security software
developer, have announced today the detection
of the Internet worm "Lara": the first malicious
program that spreads in Desktop Themes files.
At the moment, Kaspersky Lab has received two
reports of infections by this worm.
spreads exclusively via Internet Relay Chat (IRC),
transferring the "LaraCroft.theme" worm-carrying
file to remote computers. The file name is presented
to users in a deceitful way, masking itself as
a Windows desktop decorating application according
to the "Tomb Raider" theme.
starting the infected file, "Lara" scans the available
disks, searching for the location IRC-related
programs (mIRC client), and modifies their system
files. As a result, the worm sends out its copies
to all users connected to the same IRC-channel
as the infected computer.
program contains no other payload. "We classify
'Lara' most likely as being a proof-of-concept
malicious code. The ease with which it is detected
and deleted, coupled with the relatively low popularity
of the IRC-channels, means that there is not any
possibility of a global epidemic happening," assessed
Eugene Kaspersky, Head of Anti-Virus Research
at Kaspersky Lab.
procedures thwarting "Lara" have already been
added to the daily Kaspersky Anti-Virus database
updates. For a more detailed description of this
Internet worm, visit the Kaspersky Virus Encyclopaedia