Worm baits hook with hints of pope plot
New pest, which poses as a breaking news alert about the death of John Paul II among other guises, can disable security software.
Sophos, a U.K. antivirus software maker, warned people on Tuesday about a new worm that poses as a breaking news alert. The worm, called Kedebe-F, spreads via e-mail and uses a variety of subject lines and message bodies.
People who take the bait and open the attached file risk having their security software disabled and may pass the worm on to others, Sophos said.
The worm can send a variety of messages. In addition to those linked to current events, the subject lines and message bodies could relate to a user's Internet account, adult material or other topics, according to an alert issued by Sophos.
One of the messages, as seen by Sophos, read: "Someone sent me this document which is stolen from a secret government body and deals about John Paul's death. It says he was killed by two 'doctors' who were hired by some government bodies. The text attached contains all the story behind his death and who these doctors are."
Ironically, another one of the messages that can be sent by the worm announces the supposed arrest of the author of the MyDoom worm: "Hey, this is to tell you that the author of the Internet Worm 'MyDoom' has been arrested by Microsoft today. He is an OLD MAN, about 50s."
The tricks used by this latest worm aren't new. Online scammers have often used breaking news, Internet account or network trouble and porn as bait for their traps, a method called social engineering. The names of Jackson, the former pope and al-Qaida leader Osama bin Laden have been used in scams before.
The W32/Kedebe-F worm is not spreading widely, according to Sophos. Up-to-date antivirus software should protect against the threat.