New virus masquerades as news headlines
(CNN) -- Researchers have identified a new computer virus that masquerades as news headlines from CNN's Web site.
Sophos, an anti-virus firm, says the virus -- identified as Crowt-A -- pulls headlines, subject lines and other content from CNN.com. Once opened, the virus can then scan the user's address book and try to email itself to those users.
The virus' subject line and attachment share the same name, Sophos researchers say, but change continually to match headlines from CNN.com's home page.
"Virus writers are always looking for new tricks to entice innocent computer users into running their malicious code," Carole Theriault, security consultant at Sophos, said in a statement. "This latest ploy feeds on people's desire for the latest news."
Although the number of PCs possibly infected was not immediately known, Sophos said there has been only a small number of sightings.
In addition to emailing itself to other users, the virus also installs a "backdoor Trojan function," according to Sophos. This function can pick up and send data such as keystrokes to a remote user -- a practice sometimes used by hackers to obtain sensitive information such as passwords.
Last May, a fast-spreading computer "worm" known as Sasser wreaked havoc on computer users worldwide, affecting several businesses, banks and government offices.
Users of the Windows operating systems reported sluggish machines and computers that quit or rebooted for no reason.
Anti-virus companies estimate that more than 1 million PCs were infected.
While a computer virus requires some sort of human intervention to be launched, such as opening an e-mail, a worm takes off on its own. Sasser spread through a Windows vulnerability known as LSASS, or Local Security Authority Subsystem Service -- hence the name Sasser.
Sasser would scan random Internet protocol addresses until it found a vulnerable system. Then it would copy itself into the Windows directory as an executable file, and would launch the next time the computer is booted. All that searching for a new "victim" would slow things down across the Internet.