It looks like you're using an Ad Blocker.

Please white-list or disable in your ad-blocking tool.

Thank you.


Some features of ATS will be disabled while you continue to use an ad-blocker.


SCI/TECH: Worm Masquerades as Antiporn Tool

page: 1

log in


posted on Jan, 19 2005 @ 03:22 PM
A new worm that comes in an email claiming to be an anti-porn tool is currently circulating. The worm has been named W32/Baba-C by antivirus vendor Sophos. The worm is in the early stages, but has the potential to spread.
Reports are coming in of a new e-mail-based worm variant that cleverly poses as a tool for removing evidence of pornography from the hard disk of recipients.

The mass-mailer, dubbed W32/Baba-C by antivirus vendor Sophos, falsely claims in its subject line that it has detected adult-related material on a PC and suggests the user run the attached "evidence cleaner" to remove traces of it having been there.

This follows on the heels of news today that another worm disguised itself as a plea for tsunami aid.

Clicking on the W32/Baba-C mailer installs the worm, which then mails itself to people in the user's various e-mail address books and opens a back door for hackers to gain access to the compromised PC. If an infection has taken place, the worm communicates back to the point of origin to let it know a new PC has been hacked. The worm sender could then initiate data theft from this PC.

Please visit the link provided for the complete story.

I guess the word of caution here should be that you never click anything that comes in an email whose sender you don't know. When I had my email account with WebTV, it was not uncommon to get spam from myself or others in my address book. Fortunately, WebTV is immune to malware. I haven't had any such experiences with my computer.

posted on Jan, 19 2005 @ 03:31 PM
Computer virus experts at Sophos have identified that a new mass-mailing worm may have a link to a university based in South Korea.

The W32/Baba worm distributes itself via email claiming to be an mail delivery error message, but if users click on the attached file the virus will infect the PC and try to forward itself to other email addresses found on the computer.

Hidden inside the worm are the phrases "SoonChunHyang" and "Bucheon", which do not get displayed. The text references the SoonChunHyang University located in Bucheon, South Korea.

"It's curious that the author of this virus has hidden these phrases deep within his code," said Graham Cluley, senior technology consultant for Sophos. "In the past, virus writers have found it hard not to leave messages inside their code - often revealing clues as to the possible origin of their creations. Regardless of the reason why the virus writer did this, all computer users should ensure they are protected against the latest email threats."

Although some anti-virus vendors reported that this virus was a variant of the Netsky worm, it bears no relation to that family of worms.


posted on Jan, 19 2005 @ 03:47 PM
The best advice for this one is to have a real virus scanner and current DAT files. This virus was discovered in October 04 so if you have say McAfee or Norton with current DAT files you don't really have much to be worried about.

If you don't have current DATs well... this is probably the least of what you have on your system.

Right click your virus scanner's icon in the system tray (near the little clock) and look at the properties, it will tell you when your files were last updated. If the date is more than like a week old, you may have a problem.

EDIT: Oops didn't see this was Baba.C. Baba.A was around in October. Well my McAfee is now last updated 1/19/05 most likely to reflect this, so it goes to prove my point about keeping updated. You'll save yourself lots of money and time!! Incidentally, AOL 9.0 now has McAfee packaged with it for free, so there's less excuses to not have current files. Do it.

[edit on 1-19-2005 by Djarums]

posted on Jan, 19 2005 @ 05:20 PM
I check for new virus definitions from Norton daily and virtually daily there is a file to download. Anyone who doesn't run a good anti-virus software and a firewall is crazy, in my book.

new topics

top topics

log in