Security news
Security news22 October 2004
New Baba worm linked to South Korean university, Sophos reports
 |
| The Baba worm contains text referring to SoonChunHyang University in South Korea. |
Computer virus experts at Sophos have identified that a new mass-mailing worm may have a link to a university based in South Korea.
The W32/Baba worm distributes itself via email claiming to be an mail delivery error message, but if users click on the attached file the virus will infect the PC and try to forward itself to other email addresses found on the computer.
Hidden inside the worm are the phrases "SoonChunHyang" and "Bucheon", which do not get displayed. The text references the SoonChunHyang University located in Bucheon, South Korea.
"It's curious that the author of this virus has hidden these phrases deep within his code," said Graham Cluley, senior technology consultant for Sophos. "In the past, virus writers have found it hard not to leave messages inside their code - often revealing clues as to the possible origin of their creations. Regardless of the reason why the virus writer did this, all computer users should ensure they are protected against the latest email threats."
Although some anti-virus vendors reported that this virus was a variant of the Netsky worm, it bears no relation to that family of worms.
Sophos recommends companies protect their email gateways with a consolidated solution to thwart the virus and spam threats as well as secure their desktop and servers with automatically updated anti-virus protection.
