Don't fall for email worm spreading news of presidential deaths

November 08, 2006 Sophos Press Release

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned computer users of a new email-aware worm that poses as a number of false breaking news stories - including the outbreak of nuclear war and the death of George W Bush and Vladimir Putin - in an attempt by hackers to infect computers and steal information.

The W32/Dref-N worm may arrive in an email message with the following characteristics:

Subject line: chosen from

White house news!
READ AND RESEND ASAP!
NEWS!
ATTN TO EVERYBODY!
Incredible news!
ATTN
URGENT NEWS!
URG

Message text: chosen from

3rd Glogal War Just Started!!! Read more in file!
Nuclear War in Russia! Read news in file!
President Bush DEAD! Read attached file!
Putin and Bush starts NUCLEAR WAR! Check the file!
Nuclear WAR in USA! Read attached file!
GLOBAL NUCLEAR WAR JUST STARTED! News in file.
President Putin dead! Read more in attached file!

Attached file: chosen from

truth.exe, last.exe, lasest news.exe, never.exe, war.exe, about me.exe, a.exe, read me.exe, or open.exe.

Opening the attached file disables the Windows firewall, and allows external hackers to gain access to the system.

"Users may think that they are receiving these emails from their friends, family and colleagues, but in fact it is a worm that has infected the sender's computer and distributed the message," said Graham Cluley, senior technology consultant at Sophos. "While many of these news hooks may sound totally implausible, it's amazing how many users still allow temptation to get the better of them, and click on the infected file. The simple advice is that if you suspect there's a breaking news story, turn on the TV or visit your favorite news website to see if it has any basis in truth."

Sophos's anti-malware products were automatically updated to protect against the W32/Dref-N worm at 05:05 GMT on 7 November 2006.

Sophos recommends companies automatically update their corporate virus protection, and run a consolidated solution at the email gateway to defend against viruses, spyware and spam.
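As an added illustration of gateway-side triage (not Sophos code or part of the original release), the following Python sketch parses a raw message and scores it against the subject lines, message texts and attachment names listed above. The function names `triage` and `build_sample`, the verdict labels and the sample addresses are assumptions made for this example.

```python
import email
from email import policy
from email.message import EmailMessage

def norm(s):
    """Lower-case and collapse whitespace so trivial variations still match."""
    return " ".join((s or "").split()).lower()

# Indicators copied verbatim from the advisory (spelling as published).
SUBJECTS = {norm(s) for s in (
    "White house news!", "READ AND RESEND ASAP!", "NEWS!", "ATTN TO EVERYBODY!",
    "Incredible news!", "ATTN", "URGENT NEWS!", "URG")}
BODIES = [norm(s) for s in (
    "3rd Glogal War Just Started!!! Read more in file!",
    "Nuclear War in Russia! Read news in file!",
    "President Bush DEAD! Read attached file!",
    "Putin and Bush starts NUCLEAR WAR! Check the file!",
    "Nuclear WAR in USA! Read attached file!",
    "GLOBAL NUCLEAR WAR JUST STARTED! News in file.",
    "President Putin dead! Read more in attached file!")]
ATTACHMENTS = {"truth.exe", "last.exe", "lasest news.exe", "never.exe", "war.exe",
               "about me.exe", "a.exe", "read me.exe", "open.exe"}

def triage(raw):
    """Return (verdict, hits) for one raw RFC 5322 message given as bytes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if norm(msg["Subject"]) in SUBJECTS:
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and any(b in norm(body.get_content()) for b in BODIES):
        hits.append("body")
    for part in msg.iter_attachments():
        name = norm(part.get_filename())
        if name in ATTACHMENTS:
            hits.append("attachment-name")
        elif name.endswith(".exe"):
            hits.append("exe-attachment")
    lure = "subject" in hits or "body" in hits
    # Subjects such as "NEWS!" or "ATTN" are too generic to block on alone.
    if "attachment-name" in hits or ("exe-attachment" in hits and lure):
        return "quarantine", hits
    return ("review" if hits else "pass"), hits

def build_sample(subject, text, filename=None):
    """Build a constructed test message; the attachment is a harmless placeholder."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "friend@example.com", "user@example.com", subject
    m.set_content(text)
    if filename:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

A message that matches only a generic subject, or carries only an unlisted .exe, is routed to review rather than quarantined, which keeps short subjects like "ATTN" from blocking legitimate mail.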