AV Vendors Warn of Clinton Worm

A new worm masquerading as a visual joke about Bill Clinton represents the latest social engineering attempt by virus writers to get users to commit an old mistake.

Payload damage is potentially serious, but horrible spelling errors make it unlikely that any but the least sophisticated users will be affected, antivirus vendors say.

The official name is the Caricature e-mail worm (W32/Caric-A), and Sophos advises that the virus is in the wild.

The subject line is "bill caricature" and the attachment is named "cari.scr."

One particularly insidious touch is text at the bottom of the message declaring that has failed to find a virus in the attachment. Unfortunately for the virus writer, the subtlety is blown by the virus writer's inability to spell: "No viruse [sic] found."

Users foolish enough to run the attachment anyway will see a cartoon of Bill Clinton playing a saxophone with a bra emerging from it. The worm will then forward itself to everyone in the victim's address book.

According to, the worm may attempt to wipe critical system files at certain times of day after a system restart.

"Fortunately, the terrible spelling in this worm's message will leave well-informed users in no doubt that this email is one to be avoided. Those practicing safe computing should not be caught out," says Chris Wraight, a technology consultant for Sophos Americas.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Microsoft Offers More Help on Windows Server 2008 Upgrades

    Microsoft this week published additional help resources for organizations stuck on Windows Server 2008, which fell out of support on Jan. 14.

  • Microsoft Ups Its Carbon Reduction Goals

    Microsoft on Thursday announced a corporatewide carbon reduction effort that aims to make the company "carbon negative" by 2030.

  • How To Dynamically Lock Down an Unattended Windows 10 PC

    One of the biggest security risks in any organization happens when a user walks away from their PC without logging out. Microsoft has the solution (and it's not a password-protected screensaver).

  • First Stable Chromium-Based Microsoft Edge Browser Released

    Microsoft on Wednesday announced the first release of its Chromium-based Microsoft Edge browser at the "stable" commercial-release stage.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.