Mass-mailer claims to clean adult content from computers
vnunet.com, 18 Jan 2005
Antivirus experts today warned that a mass-mailing worm designed to fool computer users into believing that pornographic content has been found on their PC actually allows hackers to gain remote access to compromised computers.
The Baba-C worm (W32/Baba-C) spreads via email, duping innocent users into believing that it is a warning about 'XXX content' found on their Windows PCs. Users are told that this adult material can be hidden by running a program called Evidence Cleaner.
However, in reality, no pornographic content has been found on the PC, and clicking on the attached file runs the worm which will attempt to forward itself to other email addresses, and open a backdoor for hackers to gain access to the system.
Emails sent by the worm arrive with the subject line: 'Important! XXX sites found on your computer!'
They contain the following message: 'Windows Evidence Checker has found XXX content on your computer. You can hide your activities with Evidence Cleaner service. To run Evidence Cleaner click to quick shortcut attached. Warning! Your copy of Evidence Cleaner will be expired after 7 days. Today you can register for FREE. Please check attached instructions for more details.'
The attached file tries to disguise itself as a web link, but is in reality a malicious executable file.
"Many people are worried about the adult material that inhabits areas of the internet, and don't want it to reach their PC. It's also clear that the internet is widely used for accessing hardcore sexual material," said Graham Cluley, senior technology consultant at Sophos.
"Either way, many people want to ensure that their PC contains no evidence of XXX content, and may be tempted to follow this email's instructions if they are sent this worm.
"The Baba-C worm is using a dirty trick. Our advice, as always, is to keep your antivirus software up-to-date and never launch an unsolicited email attachment."
Sophos noted that there have only been a small number of reports of Baba-C infecting PCs in the wild. Further details of the worm can be found here.
BT security chief Ray Stanton explains how companies can refine their management procedures to improve security
V3.co.uk gets a walk through of the Hero, which includes HTC's new Sense overlay for Android
First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1
The former FBI and White House CIO shares his views...
Forget Web 2.0, the future is 'immersive connective experience'
Do you agree?
Have your say on this article