Advertisement
Promo

Security threats Toolkit

Saddam used as worm lure

Dawn Kawamoto CNET News

Published: 04 Feb 2005 09:25 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Photos of a "dead" Saddam Hussein are the lure for a new mass-mailing worm, Sophos warned on Thursday, in the latest instance of attackers using well-known figures as bait.

The Bobax.H worm purports to offer photos that show that the former Iraqi leader was killed while attempting to escape from custody, the antivirus company said.

"It's a brand new virus that converts users' PCs into spam factories," said Graham Cluley, a Sophos senior security consultant. "Although it hasn't reached epidemic proportions yet, it is spreading."

The worm can spread via email and by using the Microsoft LSASS vulnerability, the same flaw used by the Sasser worm to spread in record time. The vulnerability was reported 10 months ago, and a patch is available.

Bobax.H, which affects PCs running Microsoft Windows, propagates when people open an email attachment containing the virus, Sophos said in its advisory. It then attempts to forward itself to other email addresses and vulnerable computers. Bobax-H will also try to disable antivirus and security software, as well as install an email relay module to transform the PC into a spam factory.

The attachments in the Bobax.H emails carry a number of different file names, and the body of the message varies too, Sophos said. Examples of message bodies include: "Saddam Hussein - Attempted Escape, Shot dead. Attached some pics that i found" and "Osama Bin Laden Captured. Attached some pics that i found."

Cluely noted that virus writers rely on celebrities to entice people to open malicious email attachments. One example was the Anna Kournikova virus, a mass-mailing worm that posed as a photo of the popular Russian tennis player.

News junkies who receive emails purporting to include news should take measures to get information or photos without putting their computers at risk, Cluley said.

"A lot of people are using the Internet for the latest breaking news. But rather than open an attachment, they can go to a reputable news site like CNN or the BBC. They can look there for the information or photos," he said.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
71 out of 146 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:











Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters