Fans looking for World Cup results could get more than they bargained for with an email-based virus

A new virus could score a surpise goal against users looking for up-to-the-minute championship results during the FIFA World Cup.

According to antivirus firm Sophos, the VBS/Chick-F virus arrives via email as a compressed HTML file that carries the subject "RE: Korea Japan Results". Once the attachment is executed, the text "Enable activeX To See Korea Japan results" is displayed.

If ActiveX is enabled, the virus will search drives C, D and E for an Internet Relay Chat (IRC) executable file. Once located, the virus will be copied into the C drive as koreajapan.chm and propagate itself to users on the same IRC channel.

The virus will then send an email to the first entry in a user's Microsoft Outlook address book with the same subject line.

"Whoever wrote this virus is aiming to exploit soccer fans hungry for news about their team's progress," said Graham Culley, senior technology consultant at Sophos.

The company hasn't received reports of an infection but said the virus was detected after fielding several queries from customers. "They've been contacting our support centre in the UK since Thursday," said Charles Cousins, Sophos Asia managing director.

Sophos was unable to detect the origins of the virus but said it wasn't circulating in the wild.

In May, Sophos warned companies to be wary of security threats during the World Cup as soccer mad fans unwittingly download infected programs while scouring the Web for screensavers, spreadsheets and electronic wall charts.

One of the more malicious World Cup viruses made its debut during the 1998 edition in France. Users were asked to pick a winner and the selection made by the program. If they guessed incorrectly, the virus would trigger code that could potentially wipe out the hard drive.

Copyright © 1995-2008 CNET Networks, Inc. All rights reserved
ZDNET is a registered service mark of CNET Networks, Inc. ZDNET Logo is a service mark of CNET Networks, Inc.