posted on Jan, 19 2005 @ 03:31 PM
Computer virus experts at Sophos have identified that a new mass-mailing worm may have a link to a university based in South Korea.
The W32/Baba worm distributes itself via email claiming to be an mail delivery error message, but if users click on the attached file the virus will
infect the PC and try to forward itself to other email addresses found on the computer.
Hidden inside the worm are the phrases "SoonChunHyang" and "Bucheon", which do not get displayed. The text references the SoonChunHyang University
located in Bucheon, South Korea.
"It's curious that the author of this virus has hidden these phrases deep within his code," said Graham Cluley, senior technology consultant for
Sophos. "In the past, virus writers have found it hard not to leave messages inside their code - often revealing clues as to the possible origin of
their creations. Regardless of the reason why the virus writer did this, all computer users should ensure they are protected against the latest email
Although some anti-virus vendors reported that this virus was a variant of the Netsky worm, it bears no relation to that family of worms.