10/26: Famus-B Worm Sends Email About Iraq

October 26, 2004

Panda Software has issued an alert for a new worm called Famus.B, which uses so-called social engineering techniques to spread to users' computers. Famus.B spreads via email in a message in English and Spanish referring to the conflict in Iraq. To be more specific, it tries to trick users into believing that the file contains photographs of these dramatic events. This message has the following format:

Subject: Iraq and the crime
Message body:
what is really happening in Iraq?
the pictures of the soldiers and prisoners in Iraq
foward this message.
everybody should know the truth.

The attached file, which actually contains the worm's code, is called Iraq.scr. Additionally, the source code of this file contains the following message from the author of this malicious code:

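Esta computadora ha sido infectada
por el virus LIBERTAD.
Como protesta por la violación del
derecho a la libertad de expresión en Cuba.
En estos momentos toda la información de su
disco duro esta siendo borrada
El Hobbit

(In English: "This computer has been infected by the LIBERTAD virus, in protest at the violation of the right to freedom of expression in Cuba. At this moment all the information on your hard disk is being erased. El Hobbit")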

If the user runs this file, Famus.B displays a false error message on screen with the text "File corrupted or bad format." The worm also sends itself out to all the addresses it finds in files with DOC, EML, HTM, and HTT extensions on the affected computer. To do this, it uses an SMTP engine that it creates on the affected computer in the form of an OCX library file.

Finally, Famus.B creates an entry in the Windows Registry in order to ensure that it is run whenever the affected computer is started up.
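The message format described above gives a mail gateway two exact indicators to match: the subject line and the attachment name. The following is an added example, not part of Panda Software's alert, showing how a filter could flag them with Python's standard `email` module. The extension list, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the alert text above.
FAMUS_SUBJECT = "iraq and the crime"
FAMUS_ATTACHMENT = "iraq.scr"
# Assumption: extensions a gateway treats as directly executable on Windows.
EXECUTABLE_EXTS = (".scr", ".exe", ".pif", ".com", ".bat", ".cmd")


def inspect_message(raw: bytes) -> list:
    """Return the reasons a message resembles the Famus.B lure (empty if none)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    subject = (msg["Subject"] or "").strip().lower()
    if subject == FAMUS_SUBJECT:
        reasons.append("subject matches Famus.B lure")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name == FAMUS_ATTACHMENT:
            reasons.append("attachment named Iraq.scr")
        elif name.endswith(EXECUTABLE_EXTS):
            # Also catches double extensions such as photo.jpg.scr.
            reasons.append(f"executable attachment: {name}")
    return reasons


def build_sample(subject: str, filename: str) -> bytes:
    """Constructed test message; the attachment bytes are inert placeholder data."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("what is really happening in Iraq?")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    samples = [("Iraq and the crime", "Iraq.scr"),
               ("Holiday photos", "beach.jpg.scr"),
               ("Minutes", "minutes.txt")]
    for subj, fname in samples:
        print(subj, "->", inspect_message(build_sample(subj, fname)) or "clean")
```

Matching on the executable extension rather than only on the exact name keeps the rule useful if a variant changes the subject or renames the attachment.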

For further information about Famus.B, visit Panda Software's Virus Encyclopedia.

