Press Releases

Browse our press release archive

18 May 2004

Bobax worm turns computers into spam zombies, Sophos reports

The Bobax worm can make a zombie of your computer
The Bobax worm can make a zombie of your computer

Virus researchers at Sophos have warned users about a new internet worm which is capable of turning infected computers into spam factories and launchpads for denial-of-service attacks against websites.

The W32/Bobax-A worm uses the same Microsoft security vulnerability as the Sasser worm to break into computers, enabling attacks to gain full control of the infected PC.

"Worms like Bobax are gold dust to the spam gangs - as it gives them an easy way to build up a network of innocent computers to send their spam from," said Graham Cluley, senior technology consultant for Sophos. "Computers which are not properly protected with anti-virus updates, firewalls and Microsoft's security patch are asking for trouble."

Because the Bobax worm does not travel via email (instead it exploits a vulnerability described in Microsoft Security Bulletin MS04-011) users do not have to launch an email attachment to be infected.

"Computer users must put protection in place now against this kind of internet assault. If you leave it to chance you shouldn't be surprised if your computer is turned into a "zombie", launching thousands of spam messages at other internet users," continued Cluley. "More than 30 percent of the world's spam is sent from compromised computers, underlining the need for a co-ordinated approach to spam and viruses."

Sophos anticipates that the impact on businesses of the Bobax worm will be limited because of the large number of corporations who have already put the Microsoft patch and reconsidered their firewall protection since the Sasser outbreak, but urges users not to be complacent.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.