Beware the mother of all worms

Feb 04, 2005: An email doing the rounds which claims to contain photographic evidence that the deposed former Iraqi leader Saddam Hussein was shot dead during an escape attempt has been identified as a worm by anti-virus experts.

Sophos has warned that the W32/Bobax-H worm has been designed to create zombie networks of innocent third-party PCs from which spammers can send junk email. The worm spreads both via email and by using a Microsoft security vulnerability previously exploited by the infamous Sasser worm.

Emails generated by the Bobax-H worm can use a variety of different message bodies and attached filenames. The two most common ones in circulation are the one that claims Hussein has been killed and another which claims that Osama Bin Laden has been captured.

Attached files, which contain the viral code, can have PIF, SCR, EXE or ZIP extensions. Users who run the attached file on a Windows computer risk infecting their PC. The worm will then attempt to forward itself on to other email addresses and vulnerable computers, attempt to disable anti-virus and security software, and install an email relay module which can be used by external hackers for sending spam.

"Many people these days use the Internet to keep abreast of the latest breaking news stories - it is these individuals that worms like Bobax-H are trying to infect," said Graham Cluley, senior technology consultant at Sophos. "People who launch unsolicited attachments without thinking are walking straight into the hands of malicious virus writers and spamming gangs."

The Bobax-H worm exploits the same LSASS vulnerability first reported by Microsoft on 13 April 2004 in Microsoft Security Bulletin MS04-011, and later exploited by the widespread Sasser worm.

"There's really no excuse for computers still to be suffering from this Microsoft security vulnerability 10 months after a fix was first made available, as so many major viruses have tried to take advantage of it," continued Cluley. "Everyone responsible for the security of Windows computers should ensure they are defended against this threat and check that they are routinely installing security patches."

Saddam Hussein is the latest in a long line of public figures to be used as bait by malware authors and hackers. Politicians such as Margaret Thatcher, Ronald Reagan, Arnold Schwarzenegger, Bill Clinton, George W Bush and PW Botha have been used in the past. Furthermore, the promise of glimpses of glamorous pin-ups like Halle Berry, Anna Kournikova, Julia Roberts, Jennifer Lopez, Britney Spears or the stars of 'Sex and the City' has previously been used to help viruses spread.

Even Bill Gates, David Beckham, and Michael Jackson have been used as a psychological trick to dupe users into opening infected files.

Sophos recommends companies protect their email gateways with a consolidated solution to defend against viruses and spam. Businesses should also secure their desktop and servers with automatically updated protection.
