AV Vendors Warn of Clinton Worm

A new worm masquerading as a visual joke about Bill Clinton represents the latest social engineering attempt by virus writers to get users to commit an old mistake.

Payload damage is potentially serious, but horrible spelling errors make it unlikely that any but the least sophisticated users will be affected, antivirus vendors say.

The official name is the Caricature e-mail worm (W32/Caric-A), and Sophos advises that the virus is in the wild.

The subject line is "bill caricature" and the attachment is named "cari.scr."

One particularly insidious touch is text at the bottom of the message declaring that has failed to find a virus in the attachment. Unfortunately for the virus writer, the subtlety is blown by the virus writer's inability to spell: "No viruse [sic] found."

Users foolish enough to run the attachment anyway will see a cartoon of Bill Clinton playing a saxophone with a bra emerging from it. The worm will then forward itself to everyone in the victim's address book.

According to, the worm may attempt to wipe critical system files at certain times of day after a system restart.

"Fortunately, the terrible spelling in this worm's message will leave well-informed users in no doubt that this email is one to be avoided. Those practicing safe computing should not be caught out," says Chris Wraight, a technology consultant for Sophos Americas.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Moving an Old VM to a New Hyper-V Host

    So you want to know whether a Hyper-V virtual machine built on a legacy host will be supported by a newer server? There's a PowerShell command for that.

  • Microsoft Previews Azure Bastion Service for Private VM Access

    Microsoft on Tuesday announced a preview of the Azure Bastion service, which lets a user connect to an Azure virtual machine (VM) using a private Internet connection.

  • Microsoft Deprecating Windows To Go

    Microsoft plans to put an end to its Windows To Go product in the near future, according to a Friday support article.

  • Microsoft Releases Hyper-V Server 2019 After Long Delay

    Acknowledging that the release took "way too long," Microsoft has made Hyper-V Server 2019 available for download from the Microsoft Evaluation Center page.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.