A Russian antivirus company apologized Friday for an e-mailed virus alert that was infected with the very worm the message was supposedly designed to warn against.
Kaspersky Labs said the message, sent Thursday to subscribers of the company's "Virus News" e-mail dispatch, had actually been sent by hackers masquerading as the company. The hackers had managed to break into Moscow-based Kaspersky's computer system and steal the mailing list for the newsletter, the company said.
"We are conducting an investigation to reveal the sources of this attack and are taking the necessary measures...to ensure that this type of attack will never succeed in the future," Eugene Kaspersky, founder and head of research for the company, said in an advisory about the e-mail.
To date, the company hasn't heard of any infections resulting from the tainted message, but it has offered free technical services to anyone who does fall prey to the viral prank.
The infected message, sent to some thousands of subscribers, carried a copy of the recently discovered Braid worm.
Braid, also known by Kaspersky Labs as Bridex, hasn't spread very widely. U.K.-based e-mail service provider MessageLabs intercepts such hostile attachments for its client companies and has seen only a little more than 2,000 copies of the virus in the last 24 hours. That places the malicious program at No. 5 on MessageLab's daily Top 10 list; the Klez virus leads the pack with over 9,000 infected e-mails intercepted by the company in the last 24 hours.
A variant of the FunLove virus, Braid is written in Visual Basic Script and has its own e-mail engine. That means it can spread itself even if a victim's computer doesn't have an e-mail client such as Outlook installed. The virus infects computers running on Windows, makes several copies of itself on the hard drive, searches for e-mail addresses in a variety of files and then sends itself out to those addresses.
But Thursday's mass mailing of the virus wasn't the result of an infection, said Denis Zenkin, director of marketing for Kaspersky Labs. It was a deliberate act by online vandals.
"Some hackers got into our Web server and got the addresses of our subscribers," Zenkin said, "and these hackers sent a message with the Bridex worm to all of the subscribers."
Zenkin said he doesn't know how the hackers infiltrated the Web server, which ran the Unix variant FreeBSD and the mail program Postfix.
However, he did say such attacks are no longer a rare occurrence, especially in Russia.
"We get dozens and dozens of attacks every day," Zenkin said, trying to put a positive face on the whole incident.
"This case shows that Kaspersky Labs is growing and becoming more and more famous and attracts more attentions from the hackers," Zenkin said.
