New Coronex Worm Exploits SARS Worries
Posted on 23.04.2003
Sophos has issued a warning of a new computer worm that takes advantage of growing concern over the biological SARS virus.

Known as W32/Coronex-A, the mass-mailer worm forwards itself to all contacts in Outlook address books and attempts to dupe innocent computer users into opening an attachment offering details on the current SARS epidemic. The Coronex worm uses a variety of subject lines, message bodies and attachment names to entice users into double-clicking including: "Severe Acute Respiratory Syndrome", "SARS Virus" and Hongkong.exe.

"The worm has been deliberately coded to exploit the public's genuine concern about SARS, and is just a further demonstration of the ways that virus writers attempt to use psychological trickery to spread their creations," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "It is important that people call this virus by its proper name, Coronex, rather than 'the SARS virus'. If they don't it will only add to the confusion and panic. In particular, anti-virus firms should act responsibly in the way they communicate news of this virus to the public by ensuring their products, alerts and press releases do not refer to this computer virus as 'SARS'".

"As ever the advice to users is simple: practice safe computing, keep anti-virus software up to date and patch against operating system vulnerabilities. This will dramatically reduce the risk of becoming infected by a new virus," continued Cluley.

Sophos recommends companies consider blocking all Windows programs at their email gateway. It is rarely necessary to allow users to receive programs via email from the outside world. There is so little to lose, and so much to gain, simply by blocking all emailed programs, regardless of whether they contain viruses or not.

More details of the Coronex worm are available at


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Feb 8th