Security threats Toolkit

Bin Laden video spreads a worm for 'The Hobbit'

Munir Kotadia ZDNet Australia

Published: 05 Nov 2004 12:43 GMT

Antivirus firm Sophos is warning Internet users not to get duped into opening the attachment because it contains a new variant of the Famus worm.

The Famus worm affects Windows systems and tries to trick users into believing its' attached file contains a file – in this case a video – from events relating to the US military. Previous variants purported to contain a spreadsheet with information from the Pentagon and pictures of the Iraq war.

Graham Cluley, senior technology consultant for Sophos said hackers and virus writers will try all kinds of tricks to entice people into running their malicious code.

"It seems this time that the virus writer has focused on the public's appetite for breaking news on the war against terror," said Cluley.

Once executed, the worm sends itself to e-mail addresses stored on the infected computer and creates a number of files on the hard drive. One of the files contains some text (in Spanish) that informs the victim they have been duped.

In English, the note reads: "This computer has been infected… This is to protest against the violation of free expression rights. Now all the data in your hard drive is been erased. The Hobbit."

The technique of using current events to entice a user to click on a malicious link or open a harmful attachment is known as social engineering.

Analyst firm Gartner last week warned that social engineering techniques are becoming more sophisticated and will pose the greatest security risk facing large companies over the next decade.

Malware writers recently targeted Yahoo by sending users an e-mail asking them to ‘verify’ their Yahoo username. This turned out to be an attempt to trick users into opening untraceable e-mail accounts.

Yahoo told ZDNet UK sister site ZDNet Australia that social engineering and phishing are industry wide issues and the only way to combat the problem is with a combination of education and technology.

According to a Yahoo spokesperson, by the end of the year Yahoo will have implemented a technology called DomainKeys, which is designed to help protect users from fake emails and phishing attacks. The company also highlighted that it will never ask users to ‘verify’ their usernames and passwords.

"Alongside with our DomainKeys proposal, our long-time consumer education efforts include tips and reminders for e-mail users such as: Yahoo will never ask you for your password credit card numbers, or other personal information in an email," the spokesperson said.