A new email-aware worm, W32/Bibrog-B, poses as a
computer game in an attempt to lure unsuspecting users into

However, whilst the shooting game is running the worm is copying
itself across the user's hard drive and preparing to forward itself
to all contacts in the Outlook address book. Furthermore, it
attempts to spread itself using the KaZaA, Grokster and Morpheus
internet file-sharing systems.

In a final devious payload the worm makes changes to an infected
user's internet browser such that it can display fake versions of
genuine websites such as Hotmail, Citibank, MSN and Yahoo, in an
attempt to steal usernames and passwords.

"Many people assume a virus that destroys data is as bad as it
gets. However, a virus which can swipe confidential details such as
account information is a much greater potential danger," said
Graham Cluley, senior technology consultant for Sophos Anti-Virus.
"Companies should inform their users that running unauthorised
programs such as games and screensavers on their business computers
is unacceptable because of the risks of virus attack."

Furthermore, Sophos recommends companies consider blocking all
Windows programs at their email gateway. It is rarely necessary to
allow users to receive programs via email from the outside world.
There is so little to lose, and so much to gain, simply by blocking
all mailed-in programs, regardless of whether they contain viruses
or not. Sophos MailMonitor for SMTP
contains pro-active threat reduction technology which can help
businesses block dangerous filetypes and executable code at the

Sophos customers who have kept their anti-virus software
up-to-date are automatically protected against W32/Bibrog-B. Users
of other anti-virus products are recommended to update their