The Worm That Gurned, Email Virus Pulls A Funny Face While Secretly Installing A Backdoor Trojan

Virus experts at Sophos have reported that a new worm demonstrates the ancient British art of gurning, the tradition of pulling a funny or scary face, as it infects computers with a backdoor Trojan.

The Wurmark-F worm spreads via email, pretending to be from addresses such as easy_lay666@lovenet.com, sexy_guy88@aol.com, and sexy_lil_thing@no-ip.com. Emails can have a variety of subject lines, such as “Hhahahah lol!!!!” and “Rate My Pic…” and the following message bodies:

“i found this on my computer from ages ago download it and see if you can remember it lol i was lauging like mad when i saw it! 😀 email me back haha… ”

or

“Hi ive sent 5 emails now and nobody will rate my pic!! 🙁 please download and tell me what you think out of 10 , dont worry if you dont like it just say i wont be offended p.s i was drunk when it was taken :P”

If recipients open the attached file they will be infected by the worm while a graphic of an elderly man gurning is displayed. As the funny image appears, the worm secretly drops the Rbot-US network worm and backdoor Trojan horse onto unprotected PCs. The Trojan allows hackers to take remote control of infected computers, enabling them to capture keystrokes, grab screenshots and even capture webcam footage of the unsuspecting user.

“At first glance some may think this worm is harmless and be amused by its graphical payload, but it has the sinister intention of handing over control of your PC to remote hackers,” said Graham Cluley, senior technology consultant for Sophos. “Unless computer users properly defend themselves with up-to-date anti-virus software, firewalls and security patches then they run the risk of having their PC exploited and their bank accounts emptied.”

Sophos experts believe that the Wurmark-F and Rbot-US worms are evidence of a growing trend of more and more malware spying on innocent home computer owners and poorly-protected businesses.

“The simple fact is that organised criminals are more involved in virus-writing than ever before and more aggressive in their attempts to find new computers to infect and control,” continued Cluley. “If you attach a new, unpatched computer to the internet, unprotected by proper firewalls and up-to-date anti-virus software, then it can easily be under the control of hackers within 10 minutes.”

More information and images of the Wurmark-F worm can be found at:


More information on the Rbot-US worm can be found at:




Share this