Security experts reckon a new low-threat worm that displays the image of President Obama on infected desktops is the work of technically-knowledgeable pranksters.

Infections of the worm appear to be confined to scores of desktops at the same (unnamed) Illinois high school, which contacted its anti-virus supplier. The outbreak puzzled security US reseller Walling Data, which in turn brought in the expertise of AVG's Roger Thompson.

In many ways the Obama worm is a throwback to an earlier, more innocent age when worms were created to gain notoriety out of simple mischief, rather than in order to establish a botnet of compromised PCs that might later be farmed out for profit. The malware does little beyond displaying a small image of Obama on infected desktops, according to preliminary analysis.

Adopting the role of detective, Thompson has some suggestions on likely suspects. "Given that Conficker source is probably not available, and if no one else ends up reporting this, there's some chance one of your students wrote it," he writes. "Find your smartest, geekiest, dweebiest kid, and look hard at him."

Thompson's write-up of the attack, complete with screenshots, can be found here. ®

Related stories

• Dear Obama: Please consider open-source a waste of your time (16 February 2009)
• MyBarackObama profile hack punts malware (27 January 2009)
• Conficker botnet growth slows at 10m infections (26 January 2009)
• Countdown to Conficker activation begins (23 January 2009)
• Exclusive Conficker seizes city's hospital network (20 January 2009)
• Three in 10 Windows PCs still vulnerable to Conficker exploit (19 January 2009)
• 'Obama quits' spam recruits zombie drones (19 January 2009)
• Obama-themed malware mauls world+dog (5 November 2008)
• Obama strumpet-sex scandal ruse spreads malware (9 September 2008)