Virus exploits voyeurs

The execution chamber at Terre Haute prison, Indiana.

By BBC News Online technology correspondent Mark Ward

Morbid computer users thinking they were downloading a pirate copy of the execution of Timothy McVeigh have been tricked into installing a computer virus.

Within hours of McVeigh's execution, files pretending to be video clips of the execution started circulating in some net chat rooms.

But anyone downloading and running the files found out they had been duped into running a virus that could give malicious hackers remote access to their computer.

Anti-virus companies do not expect many machines to be infected by the program. However, they said the incident showed how virus creators were changing tactics to snare victims.

Download dupes

Soon after Timothy McVeigh was executed by lethal injection on 11 June, some visitors to a net chat room found a link to a grisly website that promised pirated footage of his death.

But anyone downloading the offered file found it did not contain a video clip but instead was a variant of an old computer virus called SubSeven. The virus only affects machines running Microsoft Windows.

More properly, SubSeven is known as a trojan because, like the wooden horse of legend, it conceals a pernicious payload inside an innocent package.

Once installed, the SubSeven virus gives easy access to malicious hackers looking to take remote control of a target PC. Many hackers have used such compromised machines to launch attacks on their behalf, and make it much harder for police forces to track them down.

Change of tactics

A spokeswoman for anti-virus company Sophos said it had been contacted by some American customers about the McVeigh virus, but said it was not expecting large numbers of machines to be infected by it.

SubSeven first appeared in May 1999 and anyone who has kept their anti-virus software up to date should be protected against it. Usually, the virus travels as an e-mail attachment.

The Sophos spokeswoman said the virus showed how the writers of malicious programs were changing their tactics to trick people into being infected by their creations.

The McVeigh virus is only the latest in a series of programs that spread by preying on human weaknesses. In the past, viruses claiming to show revealing images of Anna Kournikova and Jennifer Lopez have caught many people out.

Although the video of McVeigh's final moments in the Indiana prison was relayed by closed circuit to a US government office in Oklahoma where victims of the bomb attack were watching, the FBI said there was no indication that the signal had been intercepted and descrambled.

It is thought that only a handful of people downloaded the bogus clip and installed it.