A malware author is tempting unsuspecting users to open a malicious e-mail attachment by offering up a romp down memory lane with Mario and Luigi.

Sharon Gaudin, Contributor

July 31, 2007

2 Min Read

Miss those carefree days back in the early '80s when you were playing Super Mario Brothers?

If you do, beware of a new spam campaign that is spreading a mass-mailing worm. Researchers at security company Sophos reported that the spammed messages lure users to open an attachment by promising them it will run one of the classic Super Mario Bros games.

While opening the attachment does launch a game with the Italian plumber jumping over obstacles and from platform to platform, but it also infects the user's machine with the Romario-A worm. The malware, which affects the Windows platform, sends itself out to e-mail addresses it harvests from the infected computer and reduces system security, according to Sophos. The worm also is given a task to run at a specific time every day.

According to Sophos, the message in the body of the e-mail generally reads: " Hi There, Do You Like Mario Bross ? Test it, and you'll like it ;] !"

"Fraudsters are constantly innovating to find new ways of tapping into users' psyches to tempt them into clicking on infected links and attachments," said Graham Cluley, senior technology consultant at Sophos, in a written statement. "Nintendo's resurgence in the games market with the Wii console and Mario's global retro appeal are factors playing directly into the hands of cybercriminals keen to dupe users. This kind of attack is particularly stealth-like because nostalgic gamers can actually play the game once they click, giving them no reason to suspect that something more sinister is lurking beneath."

The Romario-A doesn't use a new trick, by any means. It's simply the latest in a series of malware that pretends to be computer games or to actually run real games, according to Sophos. Other malware writers have used similar tricks. The W32/Bagle-U worm attempts to start the Microsoft Hearts game, while the W32/Coconut-A virus urges infected users to throw coconuts at pictures of a computer security expert and the Troj/Gonori-A Trojan plays Minesweeper when run.

About the Author(s)

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights