LoveBug variant baits NSA global surveillance network, deletes MP3s.

UK-based anti-virus outfit Sophos is reporting a new variant of the LoveBug Outlook worm which contains a large amount of hidden text, apparently designed to attract the US National Security Agency's Echelon spy satellite network and overload it. Comments within the executable file include large swaths of text such as: "NSA national security agency code PGP GPG satellite cia yemen toxin botulinum mi5 mi6 mit kgb .mil mil base64 us defence intelligence agency admiral diplomat alert! BATF," and so on. As for social engineering, this worm looks like a total non-starter. The subject line reads, !!!; the body reads, :-) MuCuX...; and then there's an attached file: echelon.vbs. We don't expect it to get very far. Which is sort of a pity, really; the author has a few pertinent observations to make and questions to ask, such as "Stop Violence Pentagon. Why are you testing your new weapons on iraq? You are trying to protect children from porn but you are also killing them and other innocent people in iraq... ...and another thing... why are you using echelon type stupid things to listen around...?" The virus was "written By Extirpater and beyin. (i am NOT from iraq, and not protecting iraq/islamic anyway)." These are believed to initiate an Echelon snoop session; but it's likely that Echelon relies on pattern-recognition rather than dictionaries, so loading millions of e-mails with tantalizing keywords really won't attract the machinery and bring the system down. The new Outlook worm is also mildly destructive, and will over-write MP2 and MP3 files and .jpeg files by modifying their extensions; and, like the LoveBug which it resembles, mail itself to everyone on a victim's address list. Also, "if the worm determines that mIRC (Internet Relay Chat) is installed on the system it will drop a mIRC script that will send the worm on via mIRC," Sophos says. The company says they've had only one report of the worm in the wild, which is hardly a surprise considering its weak inducements to open the attachment.