Sophos is warning of a new mass-mailing worm that is capitalising on users’ enthusiasm for Nintendo’s iconic character, Mario. Once they open the email, recipients are requested to click on an attachment that promises to run one of the classic Super Mario Bros games.
The infected emails actually contain the Romario-A worm, which in addition to launching a game starring the portly Italian plumber, also attempts to infect other unprotected computers via mass-mailing itself as a file attachment, as well as spreading via removable shared drives.
Sophos experts note that Romario-A aims to cause maximum impact by scheduling a daily task to ensure the worm runs regularly at a specified time.
Romario-A is the latest in a series of malware that purports to be computer games or to actually run real games. This trick has been employed many times in the past by malware authors, notably, the W32/Bagle-U worm, which attempts to start the Microsoft Hearts game, the W32/Coconut-A virus, which urged infected users to throw coconuts at pictures of a computer security expert and the Troj/Gonori-A Trojan, which plays Minesweeper when run.
The worm is also set to run when files with extensions of BAT, COM, PIF and SCR are opened or launched.