New worm aims to infest Australian systems

by Nikola Strahija on November 6th, 2002

An Internet worm, posing as an anti-virus update arriving in an email, is also using peer-to-peer (P2P) software to spread. The Merkur worm, aka [email protected], arrives in email form with the subject "Update your Anti-virus Software" and has an attachment named "Taskman.exe".

The worm relies solely on the recipient being fooled into running the attachment to spread.

Like similar worms that have used "social engineering" to lure in unsuspecting victims, the Merkur worm sends itself to everyone in the victim's address book when it is opened.

The worm also deletes any multimedia files located in p2p file sharing directories. It targets share directories used by KaZaA, Bearshare and eDonkey software.

The "process" the worm uses to delete these files is named "Pr0n.bat". Pr0n is common hacker slang for "porn".

The Merkur worm then copies itself into the p2p share directories under many different names. One of the names is "Virtual Sex Simulator.exe", chosen to appear more appealing to other users on file sharing networks.

If this file is downloaded over the p2p network and then run, the infection process starts on the new victim's computer.

It will also affect users of the chat program mIRC. The worm creates a script that attempts to send itself to other users in the same chat channel under the name "screensaver.exe".

Concerned users should update their antivirus definitions.
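As an added example (not part of the original article), the email indicators described above can be checked at a mail gateway or over a saved mailbox. The function names, the extension list and the sample messages are assumptions constructed for illustration, and the check goes slightly beyond the article by also flagging any executable attachment on a message that uses the worm's subject line.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators quoted in the article (compared case-insensitively).
SUBJECT = "update your anti-virus software"
ATTACHMENT = "taskman.exe"
# Assumption: extensions treated as directly runnable on Windows.
EXEC_EXTS = (".exe", ".scr", ".pif", ".bat", ".com")


def classify(raw: bytes) -> str:
    """Return 'match', 'suspicious' or 'clean' for one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # Collapse whitespace so header folding does not hide the subject.
    subject = " ".join(str(msg.get("Subject", "")).lower().split())
    names = [(part.get_filename() or "").strip().lower() for part in msg.walk()]
    names = [n for n in names if n]

    subject_hit = subject == SUBJECT
    name_hit = ATTACHMENT in names
    if subject_hit and name_hit:
        return "match"        # both indicators from the article
    if name_hit or (subject_hit and any(n.endswith(EXEC_EXTS) for n in names)):
        return "suspicious"   # one indicator, or a renamed executable
    return "clean"


def build_sample(subject: str, filename: str = "") -> bytes:
    """Build a constructed test message; the attachment bytes are a placeholder."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Please install the attached update.")
    if filename:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, name in [("Update your Anti-virus Software", "Taskman.exe"),
                       ("UPDATE YOUR ANTI-VIRUS SOFTWARE", "patch.scr"),
                       ("Quarterly report", "report.pdf")]:
        print(f"{classify(build_sample(subj, name)):10} {subj!r} {name!r}")
```

Matching on subject and file name only catches this exact variant, so a gateway policy that blocks executable attachments outright covers renamed copies as well.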
