New Virus Disguised As Saddam Hussein Death Photographs

Anti-virus experts at Sophos are warning computer users about a new worm posing as photographic evidence that Saddam Hussein has been killed following an attempted escape bid from custody. The Bobax-H worm spreads both via email and using a Microsoft security vulnerability in the style of the infamous Sasser worm.

Emails generated by the Bobax-H worm can use a variety of different message texts including: “Saddam Hussein – Attempted Escape, Shot dead. Attached some pics that i found”. Some versions also claim to have pictures of a captured Osama Bin Laden.

Users who run the attached file on a Windows computer risk infecting their PCs. The worm will then attempt to forward itself onto other email addresses and vulnerable computers, attempt to disable anti-virus and security software, and install an email relay module which can be used by external hackers for sending spam.

“Many people these days use the internet to keep abreast of the latest breaking news stories – it is these individuals that worms like Bobax-H are trying to infect,” said Graham Cluley, senior technology consultant at Sophos. “People who launch unsolicited attachments without thinking are walking straight into the hands of malicious virus writers and spamming gangs.”

The Bobax-H worm exploits the same LSASS vulnerability first reported by Microsoft on 13 April 2004 in Microsoft Security Bulletin MS04-011, and later exploited by the widespread Sasser worm.

“There’s really no excuse for computers still to be suffering from this Microsoft security vulnerability 10 months after a fix was first made available, as so many major viruses have tried to take advantage of it,” continued Cluley. “Everyone responsible for the security of Windows computers should ensure they are defended against this threat and check that they are routinely installing security patches.”

Saddam Hussein is the latest in a long line of public figures to be used as bait by malware authors and hackers. Politicians such as Margaret Thatcher, Ronald Reagan, and George W Bush have been used in the past. Even Bill Gates, David Beckham, and Michael Jackson have been used as a psychological trick to dupe users into opening infected files.

Further information about the Bobax-H worm can be found at:




Share this