Related Resources • Glossary of Terms • Virus Encyclopedia • Politically motivated virus

Elsewhere on the Web • MessageLabs Threatlist   • F-Secure Description

Created with the same virus generator as used for the Anna Kournikova and more recent Homepages worm, Mawanella is an encrypted email worm with a political motive. Ironically, a message displayed by the worm states, "I can destroy your computer (sp) I didn't do that because I am a peace-loving citizen." Based on that piece of propaganda, assumedly some persons find virus writing a noble cause. This is the second such politically motivated virus in recent months; the VBS/Staple worm apologized for the disturbance while it busily launched websites, mass-mailed itself, and spammed various Israeli officials.

According to antivirus security firm F-Secure, Mawanella, a.k.a. VBSWG.Z@mm, arrives as an email message named Mawanella.vbs. No attempt is made to disguise the file type, nor is the accompanying message particularly compelling, simply stating "Mawanella is one of the Sri Lanka's Muslim village", yet still people appear to be opening it. As of its initial US discovery shortly after midnight May 17th, MessageLabs has nabbed over 500 copies of the worm in a mere 10 hours. "It was simple to see why people wanted to click on Anna Kournikova. It's a little bit more difficult for me to understand why people want to click on something called Mawanella.vbs..." commented Mikko Hypponen, Manager of Antivirus Research at F-Secure.

According to F-Secure, when the attached file is executed, the worm mass mails itself to each recipient in every address book and displays the following message box (graphic courtesy of F-Secure):

MessageLabs confirmed no antivirus products used were able to heuristically detect the worm, though their internally developed Skeptic system did alert to its mass mailing and prevented spread amongst MessageLab customers. Content filtering provides the best defense against these types of worms. Simple quarantining of .VBS files will prevent the email - and temptation to open it - from ever reaching users' inboxes.