In this section

• Home
• Press office
• News archive
• Articles
• 2004
• 11

• Journalists' guide
• News archive

Talk to our experts

• Press contacts

Resources

• Sophos Podcasts
• Image gallery
• Customer case studies
• Free anti-virus
• White papers
• Awards and reviews
• Industry affiliations

Sophos blogs

• SophosLabs blog
• Graham Cluley's blog
• Paul Ducklin's blog
• Chet's blog

Info feeds

• Security news
• Company news
• More...

What are info feeds?

4 November 2004

Bin Laden terrorist video email is really a virus, warns Sophos

The virus spreads itself pretending to be a video of Osama Bin Laden.

Experts at Sophos, a world leader in protecting businesses against viruses and spam, have warned users to beware of emails claiming to contain videos of Al Qaeda leader Osama Bin Laden as they really contain a malicious computer worm.

The W32/Famus-F worm has been discovered in the wake of George W Bush's re-election as President of the United States of America, and less than a week after an Arabic television station broadcast the first videoed speech by Osama Bin Laden since the US-led war in Afghanistan.

"Hackers and virus writers will try all kinds of tricks to entice people into running their malicious code," said Graham Cluley, senior technology consultant for Sophos. "It seems this time that the virus writer has focused on the public's appetite for breaking news on the war against terror."

The W32/Famus-F worm arrives in the form of a bilingual email, with the following characteristics:

Subject line:
Mas terrorismo este ano \More terrorism this year

Message body:
Password: "cnn"
Ultimas declaraciones de Bin Laden
Reenvíe este video a todo el mundo.
======================================================
Password: "cnn"
Last speech from Bin Laden
Please forwards this video to everybody.'

"There will be many who will be interested to know how terrorists will react to George W Bush's success at the polls," continued Cluley. "Those people should not lower their guard and be fooled into accepting unsolicited email attachments."

If executed the worm attempts to forward itself to email addresses found on the infected computers and drops a number of files onto the hard drive. Hidden inside the virus is the following text in Spanish:

Esta computadora ha sido infectada por el virus LIBERTAD. Como protesta por la violacion del derecho a la libertad de expresi En estos momentos toda la informaci disco duro esta siendo borrada
El Hobbit

This translates into English as:

This computer has been infected with the LIBERTAD (FREEDOM) virus. This is to protest against the violation of free expression rights. Now all the data in your hard drive is been erased
The Hobbit

Reassuringly, the Famus-F worm is not spreading very successfully, however Sophos continues to recommend computer users practise safe computing as well as running up-to-date anti-virus software.

• Bookmark with del.icio.us
• Submit this story to digg
• Submit this story to slashdot

See also:

• Hackers disguise Trojan horse as Osama Bin Laden suicide photographs
• Sign-up now for free notification of new viruses found in the wild
• Add live virus information to your website or intranet