Saddam used as worm lure
Published: 04 Feb 2005 09:25 GMT
Photos of a "dead" Saddam Hussein are the lure for a new mass-mailing worm, Sophos warned on Thursday, in the latest instance of attackers using well-known figures as bait.
The Bobax.H worm purports to offer photos that show that the former Iraqi leader was killed while attempting to escape from custody, the antivirus company said.
"It's a brand new virus that converts users' PCs into spam factories," said Graham Cluley, a Sophos senior security consultant. "Although it hasn't reached epidemic proportions yet, it is spreading."
The worm can spread via email and by using the Microsoft LSASS vulnerability, the same flaw used by the Sasser worm to spread in record time. The vulnerability was reported 10 months ago, and a patch is available.
Bobax.H, which affects PCs running Microsoft Windows, propagates when people open an email attachment containing the virus, Sophos said in its advisory. It then attempts to forward itself to other email addresses and vulnerable computers. Bobax-H will also try to disable antivirus and security software, as well as install an email relay module to transform the PC into a spam factory.
The attachments in the Bobax.H emails carry a number of different file names, and the body of the message varies too, Sophos said. Examples of message bodies include: "Saddam Hussein - Attempted Escape, Shot dead. Attached some pics that i found" and "Osama Bin Laden Captured. Attached some pics that i found."
Cluely noted that virus writers rely on celebrities to entice people to open malicious email attachments. One example was the Anna Kournikova virus, a mass-mailing worm that posed as a photo of the popular Russian tennis player.
News junkies who receive emails purporting to include news should take measures to get information or photos without putting their computers at risk, Cluley said.
"A lot of people are using the Internet for the latest breaking news. But rather than open an attachment, they can go to a reputable news site like CNN or the BBC. They can look there for the information or photos," he said.
Did you find this article useful?
70 out of 144 people found this useful
- Share this article:
