DuLoad Provides Sad Snapshot Of Virus Writer Psyche

The DuLoad worm (W32/Duload-A), which has the potential to infect PCs connected to the KaZaA file sharing network, may be a damp squib when it comes to infecting users, but it certainly provides an interesting insight into the topics that may occupy many virus writers’ minds, according to Sophos.

The DuLoad worm randomly creates disguises for itself using a pool of 39 filenames. These filenames – which reflect a preoccupation with sex, celebrity, computer games and hacking – include ‘J. Lo Bikini Screensaver.exe’, ‘Kama Sutra Tetris.exe’, ‘Free Mpegs.exe’ and ‘The Sims Game crack.exe’, as well as some pornographic references.

“DuLoad provides a snapshot of many virus writers’ minds. Often obsessed with sex and computer games, virus writers are much more likely to be teenage males than crack cyberterrorists bent on the annihilation of the internet,” said Graham Cluley, senior technology consultant at Sophos. “Let’s all hope that when the new school term begins, these ‘script kiddies’ will find their time is taken up with homework, giving them less opportunity to write computer viruses.”

Although Sophos has not received reports of the DuLoad worm from the wild, Sophos reminds all computer users to keep their anti-virus protection up-to-date and practise safe computing.

More details of the DuLoad worm can be found at
http://www.sophos.com/virusinfo/analyses/w32duloada.html

Some simple to implement safe computing guidelines can be found at
http://www.sophos.com/virusinfo/articles/safehex.html