New WTC.exe Virus Is Not Widespread

Helsinki, September 25, 2001 , F-Secure Corporation informs that a new virus Called Vote is not widespread. Spreading in a file called WTC.EXE, Vote is a simple Visual Basic virus, which uses the WTC tragedy as a ploy to get people to execute it. It spreads further via e-mail as a mass mailer. Vote activates next time when the system is rebooted: at this time it tries to delete all files from the Windows directory, format drive C: and display a message about ruling the world.

The e-mails sent by the worm look like this:

From: name-of-the-infected-user

To: random-name-from-address-book

Subject: Fwd: Peace Between America and IsLaM !

Hi iS iT waR Against AmeriCa Or IsLaM !?

Let’s Vite To Live in Peace!

Attachment: WTC.exe

Vote was found on the 24th of September, 2001 – 13 days after the WTC tragedy.

F-Secure has not received any reports from this worm from the field.This virus is not widespread at this time. It is not likely to become widespread either.

“Apparently this simple virus is written by a teenager”, comments Mikko Hypponen, Manager of Anti-Virus Research at F-Secure. “It’s awful that anyone would use a tragedy like this as a ploy to spread their virus”

F-Secure Anti-Virus detects and removes the Vote virus.