The Bobax-H worm is designed to create an army of zombie machines that spammers can use to spread junk email, according to researchers at Sophos, Inc., an anti-virus and anti-spam company with U.S. headquarters in Lynnfield, Mass. The worm is spreading both via email and taking advantage of a Microsoft security vulnerability that had been exploited by the virulent Sasser worm.
''Many people these days use the Internet to keep abreast of the latest breaking news stories. It is these individuals that worms like Bobax-H are trying to infect,'' says Graham Cluley, senior technology consultant at Sophos in a written statement. ''People who launch unsolicited attachments without thinking are walking straight into the hands of malicious virus writers and spamming gangs.''
Once users run the attached file, their machines are infected. Sophos analysts report that the worm will then attempt to forward itself to other email addresses and vulnerable computers, attempt to disable anti-virus and security software, and install an email relay module, which can be used by external hackers for sending spam.
The Bobax-H worm exploits the same LSASS vulnerability first reported by Microsoft on April 13, 2004 in Microsoft Security Bulletin MS04-011.
Emails generated by the Bobax-H worm use several different message bodies and attachment names. Some of the message bodies are: Saddam Hussein -- Attempted Escape. Shot dead. Attached some pics i found; and Osama Bin Laden captured. Attached some pics that i found.
Attached files, which contain the viral code, can have PIF, SCR, EXE or ZIP extensions, according to Sophos.
Saddam Hussein is the latest in a long line of public figures to be used as bait by malware authors and hackers. Politicians such as Margaret Thatcher, Ronald Reagan, Arnold Schwarzenegger, Bill Clinton and George W Bush have been have been used in the past.