Be wary of emails that say Saddam Hussein has
died escaping from custody.
Anti-virus experts at Sophos have warned computer users that a
worm is spreading posing as photographic evidence that Saddam
Hussein has been killed following an attempted escape bid from
custody.
The W32/Bobax-H
worm is designed to create zombie networks of innocent third-party
PCs for spammers to spread junk email from. The worm spreads both
via email and using a Microsoft security vulnerability previously
exploited by the infamous Sasser worm.
Emails generated by the Bobax-H worm can use a variety of
different message bodies and attached filenames. Different message
bodies used by the worm include the following:
Message body:
Saddam Hussein - Attempted Escape, Shot dead
Attached some pics that i found
and
Message body:
Osama Bin Laden Captured.
Attached some pics that i found
Attached files, which contain the viral code, can have PIF, SCR,
EXE or ZIP extensions.
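The lure text and attachment extensions listed above can be turned into a mail-gateway check. The following Python is an added example, not code from Sophos or the original advisory; the function names, the block/review/pass verdicts and the step of looking inside ZIP attachments for the same extensions are assumptions that go beyond what the advisory states.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions the advisory lists for Bobax-H attachments (ZIP is handled separately).
RISKY_EXT = (".pif", ".scr", ".exe")
# Lure text quoted in the advisory's two sample message bodies.
LURES = ("saddam hussein - attempted escape, shot dead",
         "osama bin laden captured",
         "attached some pics that i found")

def risky_names(filename, payload):
    """Return the attachment name, or ZIP member names, ending in a risky extension."""
    name = (filename or "").lower()
    hits = [name] if name.endswith(RISKY_EXT) else []
    if name.endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                hits += [f"{name}!{m.lower()}" for m in zf.namelist()
                         if m.lower().endswith(RISKY_EXT)]
        except zipfile.BadZipFile:
            hits.append(f"{name}!unreadable")  # cannot inspect: treat as risky
    return hits

def classify_message(raw_bytes):
    """Classify one raw RFC 5322 message as block / review / pass (assumed labels)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content().lower() if body_part else ""
    lure = any(phrase in body for phrase in LURES)
    hits = []
    for part in msg.iter_attachments():
        hits += risky_names(part.get_filename(), part.get_payload(decode=True) or b"")
    verdict = "block" if hits else ("review" if lure else "pass")
    return {"verdict": verdict, "lure": lure, "attachments": hits}

def build_sample(body, filename=None, data=b"harmless filler"):
    """Constructed test message; attachment bytes are inert placeholder data."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content(body)
    if filename:
        m.add_attachment(data, maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

def make_zip(member):
    """Build an in-memory ZIP holding one inert member (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"harmless filler")
    return buf.getvalue()
```

A message carrying only the lure text is sent to review rather than blocked, since the same phrases can appear in legitimate mail.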
Users who run the attached file on a Windows computer risk
infecting their PC. The worm will then attempt to forward itself
onto other email addresses and vulnerable computers, attempt to
disable anti-virus and security software, and install an email
relay module which can be used by external hackers for sending
spam.
"Many people these days use the internet to keep abreast of the
latest breaking news stories - it is these individuals that worms
like Bobax-H are trying to infect," said Graham Cluley, senior
technology consultant at Sophos. "People who launch unsolicited
attachments without thinking are walking straight into the hands of
malicious virus writers and spamming gangs."
The Bobax-H worm exploits the same LSASS vulnerability first
reported by Microsoft on 13 April 2004 in Microsoft Security Bulletin MS04-011,
and later exploited by the widespread Sasser worm.
"There's really no excuse for computers still to be suffering
from this Microsoft security vulnerability 10 months after a fix
was first made available, as so many major viruses have tried to
take advantage of it," continued Cluley. "Everyone responsible for
the security of Windows computers should ensure they are defended
against this threat and check that they are routinely installing
security patches."
Saddam Hussein is the latest in a long line of public figures to
be used as bait by malware authors and hackers. Politicians such as
Margaret Thatcher, Ronald Reagan, Arnold Schwarzenegger,
Bill Clinton, George
W Bush and PW Botha have been used in the past.
Furthermore, the promise of glimpses of glamorous pin-ups like
Halle Berry, Anna Kournikova, Julia Roberts, Jennifer Lopez, Britney Spears or the stars
of 'Sex and the
City' have previously been used to help viruses spread.
Even Bill
Gates, David
Beckham, and Michael
Jackson have been used as a psychological trick to dupe users
into opening infected files.
Sophos recommends companies protect their email gateways with a
consolidated solution to defend against
viruses and spam. Businesses should also secure their desktops and
servers with automatically updated protection.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.