Hackers use porn worm to take over PCs

Antivirus experts today warned that a mass-mailing worm designed to fool computer users into believing that pornographic content has been found on their PC actually allows hackers to gain remote access to compromised computers.

The Baba-C worm (W32/Baba-C) spreads via email, duping innocent users into believing that it is a warning about 'XXX content' found on their Windows PCs. Users are told that this adult material can be hidden by running a program called Evidence Cleaner.

However, in reality, no pornographic content has been found on the PC, and clicking on the attached file runs the worm which will attempt to forward itself to other email addresses, and open a backdoor for hackers to gain access to the system.

Emails sent by the worm arrive with the subject line: 'Important! XXX sites found on your computer!'

They contain the following message: 'Windows Evidence Checker has found XXX content on your computer. You can hide your activities with Evidence Cleaner service. To run Evidence Cleaner click to quick shortcut attached. Warning! Your copy of Evidence Cleaner will be expired after 7 days. Today you can register for FREE. Please check attached instructions for more details.'

The attached file tries to disguise itself as a web link, but is in reality a malicious executable file.

"Many people are worried about the adult material that inhabits areas of the internet, and don't want it to reach their PC. It's also clear that the internet is widely used for accessing hardcore sexual material," said Graham Cluley, senior technology consultant at Sophos.

"Either way, many people want to ensure that their PC contains no evidence of XXX content, and may be tempted to follow this email's instructions if they are sent this worm.

"The Baba-C worm is using a dirty trick. Our advice, as always, is to keep your antivirus software up-to-date and never launch an unsolicited email attachment."

Sophos noted that there have only been a small number of reports of Baba-C infecting PCs in the wild. Further details of the worm can be found here.

See also:

Porn spam triples

Spammers getting smarter at targeting unsolicited mail  01 Feb 2005

Online fraudsters exploit tsunami grief

Criminals stoop to new low by trying to cash in on disaster  17 Jan 2005

MyDoom mutant promises porn passwords

Sex sells  17 Jan 2005

Interview: Security is not an option

BT security chief Ray Stanton explains how companies can refine their management procedures to improve security  13 Jan 2005

Security

The latest wave of cyber-crimes and acts of vandalism have demonstrated once again that many systems are still vulnerable to attack.  15 Apr 2004

Like this story? Spread the news by clicking below:

 del.icio.us     Digg this     reddit!