Press Releases

Browse our press release archive

18 Jan 2005

Email worm tells victims it has found pornographic material on their PCs, Sophos reports

Worm resorts to dirty tricks in an attempt to spread

Virus experts at Sophos have discovered a mass-mailing worm that fools computer users into believing that pornographic adult content has been found on their PC, and lures them into running malicious code which opens a backdoor allowing remote hackers access to their data.

The W32/Baba-C worm spreads via email, duping innocent users into believing that it is a warning about XXX content found on their Windows PC. Users are told that adult material on their PC can be hidden by running a program called "Evidence Cleaner". However, in reality, no X-rated content has been found on the PC, and clicking on the attached file runs the worm which will attempt to forward itself to other email addresses, and open a backdoor for hackers to gain access to the system.

Part of the email message sent by the W32/Baba-C worm. Click here to view more.
Part of the email message sent by the W32/Baba-C worm.

Emails sent by the worm have the following characteristics:

Important! XXX sites found on your computer!

Message body:
Windows Evidence Checker has found XXX content on your computer. You can hide your activities with Evidence Cleaner service.

To run Evidence Cleaner click to quick shortcut attached.

Warning! Your copy of Evidence Cleaner will be expired after 7 days. Today you can register for FREE.

Please check attached instructions for more details.

"Many people are worried about the adult material that inhabits areas of the internet, and don't want it to reach their PC. It's also clear that the internet is widely used for accessing hardcore sexual material," said Graham Cluley, senior technology consultant for Sophos. "Either way, many people want to ensure that their PC contains no evidence of XXX content, and may be tempted to follow this email's instructions if they receive this worm. The Baba-C worm is using a dirty trick. Our advice, as always, is to keep your anti-virus software up-to-date and never launch an unsolicited email attachment. "

Although there have only been a small number of reports of the W32/Baba-C worm, Sophos recommends computer users ensure their anti-virus software is up-to-date, and that companies protect themselves with a consolidated solution which can defend them from the threats of both spam and viruses.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at