Friday, November 05, 2004

Bin Laden Terrorist Video Email is Really a Virus, Warns Sophos

05/11/2004 11:06:53

Experts at Sophos, a world leader in protecting businesses against viruses and spam, have warned users to beware of emails claiming to contain videos of Al Qaeda leader Osama Bin Laden as they really contain a malicious computer worm.

The W32/Famus-F worm has been discovered in the wake of George W. Bush's re-election as President of the United States of America and less than a week after an Arabic television station broadcast the first new videoed speech by Osama Bin Laden since the US-led war in Afghanistan.

"Hackers and virus writers will try all kinds of tricks to entice people into running their malicious code," said Graham Cluley, senior technology consultant for Sophos. "It seems this time that the virus writer has focused on the public's appetite for breaking news on the war against terror."

The W32/Famus-F worm arrives in the form of a bilingual email, with the following characteristics:

Subject line: Mas terrorismo este ano \More terrorism this year

Message body: Password: "cnn" Ultimas declaraciones de Bin Laden Reenvíe este video a todo el mundo. ====================================================== Password: "cnn" Last speech from Bin Laden Please forwards this video to everybody.'

"There will be many who will be interested to know how terrorists will react to George W. Bush's success at the polls," continued Cluley. "Those people should not lower their guard and be fooled into accepting unsolicited email attachments."

If executed, the worm attempts to forward itself to email addresses found on the infected computers and drops a number of files onto the hard drive. One of the files dropped by the worm contains the following text in Spanish:

Esta computadora ha sido infectada por el virus LIBERTAD. Como protesta por la violacion del derecho a la libertad de expresi En estos momentos toda la informaci disco duro esta siendo borrada El Hobbit

This translates into English as:

This computer has been infected with the LIBERTAD (FREEDOM) virus. This is to protest against the violation of free expression rights. Now all the data in your hard drive is been erased The Hobbit

Sophos continues to recommend computer users practise safe computing as well as running up-to-date anti-virus software.

Ends

http://www.sophos.com.au

FOR FURTHER INFORMATION: Sean Richmond, Senior Technical Consultant Australia & New Zealand at Sophos (sean.richmond@sophos.com.au) is available for comment: +61 2 9409 9100 (tel) +61 2 9409 9191 (fax)

Sophos's press contact at Gotley Nix Evans is: Michael Henderson (sophos@gne.com.au) +61 2 9957 5555 (tel) +61 413 054 738 (mobile) +61 2 9957 5575 (fax)