Nice hello, nasty virus

Sophos Press Release

Sophos experts have warned users to be wary of unexpected emails from their friends speaking Spanish. A new worm, W32/Nicehello-A has caused a number of enquiries to Sophos's support centres, but is not expected to spread far due to bugs and its reliance on Spanish phrases.

"Nicehello is another reminder that users should be cautious of all email attachments, even when they know who the sender is," said Graham Cluley, senior technology consultant at Sophos. "Think before you click - ask yourself 'why is Ken from Walsall writing to me in Spanish?'"

The W32/Nicehello-A worm invites users to launch an executable file attached to the email. The worm is capable of stealing account and password information from the infected user's MSN account.

Sophos recommends companies consider blocking all Windows programs at their email gateway. It is rarely necessary to allow users to receive programs via email from the outside world. There is so little to lose, and so much to gain, simply by blocking all mailed-in programs, regardless of whether they contain viruses or not. Sophos MailMonitor for SMTP contains pro-active threat reduction technology which can help businesses block dangerous filetypes and executable code at the email gateway.

Sophos customers who have kept their anti-virus software up-to-date are automatically protected against W32/Nicehello-A. Users of other anti-virus products are recommended to update their software.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at