Lustrous Attraction to Lara Croft Threatens Computer Safety

04 Sep 2001
Virus News

The first malicious code utilizing Desktop Themes files has been detected

Kaspersky Lab, an international data-security software developer, announces the detection of the Internet worm "Lara": the first malicious program that spreads in Desktop Themes files. At the moment, Kaspersky Lab has received two reports of infections by this worm.

"Lara" spreads exclusively via Internet Relay Chat (IRC), transferring the worm-carrying file "LaraCroft.theme" to remote computers. The file name is deceptive: it masquerades as a Windows desktop decorating application on the "Tomb Raider" theme. When the infected file is started, "Lara" scans the available disks, searching for the location of IRC-related programs (the mIRC client), and modifies their system files. As a result, the worm sends copies of itself to all users connected to the same IRC channel as the infected computer.

The malicious program contains no other payload.

"We classify 'Lara' most likely as being a proof-of-concept malicious code. The ease with which it is detected and deleted, coupled with the relatively low popularity of the IRC-channels, means that there is not any possibility of a global epidemic happening," assessed Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Lab.

Defense procedures thwarting "Lara" have already been added to the daily Kaspersky™ Anti-Virus database updates.

For a more detailed description of this Internet worm, please visit the Kaspersky Virus Encyclopedia.