In this section

• Home
• Press office
• News archive
• Articles
• 2005
• 01

• Journalists' guide
• News archive

Talk to our experts

• Press contacts

Resources

• Sophos Podcasts
• SophosLabs blog
• Graham Cluley's blog
• Image gallery
• Customer case studies
• Free anti-virus
• White papers
• Awards and reviews
• Industry affiliations

Info feeds

• Security news
• Company news

• Security news
• Company news

What are info feeds?

18 January 2005

Email worm tells victims it has found pornographic material on their PCs, Sophos reports

Worm resorts to dirty tricks in an attempt to spread

Virus experts at Sophos have discovered a mass-mailing worm that fools computer users into believing that pornographic adult content has been found on their PC, and lures them into running malicious code which opens a backdoor allowing remote hackers access to their data.

The W32/Baba-C worm spreads via email, duping innocent users into believing that it is a warning about XXX content found on their Windows PC. Users are told that adult material on their PC can be hidden by running a program called "Evidence Cleaner". However, in reality, no X-rated content has been found on the PC, and clicking on the attached file runs the worm which will attempt to forward itself to other email addresses, and open a backdoor for hackers to gain access to the system.

Part of the email message sent by the W32/Baba-C worm.

Emails sent by the worm have the following characteristics:

Subject:
Important! XXX sites found on your computer!

Message body:
Windows Evidence Checker has found XXX content on your computer. You can hide your activities with Evidence Cleaner service.

To run Evidence Cleaner click to quick shortcut attached.

Warning! Your copy of Evidence Cleaner will be expired after 7 days. Today you can register for FREE.

Please check attached instructions for more details.

"Many people are worried about the adult material that inhabits areas of the internet, and don't want it to reach their PC. It's also clear that the internet is widely used for accessing hardcore sexual material," said Graham Cluley, senior technology consultant for Sophos. "Either way, many people want to ensure that their PC contains no evidence of XXX content, and may be tempted to follow this email's instructions if they receive this worm. The Baba-C worm is using a dirty trick. Our advice, as always, is to keep your anti-virus software up-to-date and never launch an unsolicited email attachment. "

Although there have only been a small number of reports of the W32/Baba-C worm, Sophos recommends computer users ensure their anti-virus software is up-to-date, and that companies protect themselves with a consolidated solution which can defend them from the threats of both spam and viruses.

• Bookmark with del.icio.us
• Submit this story to digg
• Submit this story to slashdot

See also:

• Sign up now for free notification of new viruses found in the wild
• Add live virus information to your website or intranet