- 4 February 2005 14:09
Pictures Not Worth 1,000 Bytes, Warns Sophos
Anti-virus experts at Sophos have warned computer users of two new worms. W32/Bobax-H is spreading posing as photographic evidence that Saddam Hussein has been killed following an attempted escape bid from custody. It is designed to create zombie networks of innocent third-party PCs for spammers to spread junk email from. The worm spreads both via email and using a Microsoft security vulnerability previously exploited by the infamous Sasser worm.
The W32/Bropia-D worm sends itself to all contacts in an infected user's MSN Messenger buddy list, using a variety of filenames, in an attempt to drop a copy of another worm - the W32/Rbot-VH network worm and backdoor Trojan horse. This malicious worm allows hackers to take remote control of infected computers, allowing them to capture keystrokes and grab screenshots (allowing opportunities for identity fraud), and even capture webcam footage of the unsuspecting user.
"Although these are just two of the approximately 1,000 new viruses which appear each month, they do tell an interesting story," said Paul Ducklin, Sophos’s Head of Technology for Asia Pacific.
"Bobax-H is a reminder to keep vigilant at all times, no matter how morbidly interesting your email might seem. And Bropia-D is a reminder that email is only one of many ways in which viruses spread."
Refer to the following URLs for complete analyses – http://www.sophos.com/virusinfo/analyses/w32bobaxh.html http://www.sophos.com/virusinfo/analyses/w32bropiad.html
FOR FURTHER INFORMATION: Paul Ducklin (email@example.com) is available for comment: +61 2 9409 9100 (tel) +61 407 320 515 (mob) +61 2 9409 9191 (fax)
Sophos's press contact at Gotley Nix Evans is: Michael Henderson (firstname.lastname@example.org) +61 2 9957 5555 (tel) +61 413 054 738 (mob) +61 2 9957 5575 (fax)