New Baba Worm Pretends to Purge Porn

An antivirus company has found a mass-mailing worm that tries to spread by fooling users into believing that they have pornographic content on their PCs.

The Baba-C worm travels by e-mail and includes the words "Windows Evidence Checker has found XXX material on your computer," Sophos said in an advisory on Tuesday. The e-mail claims that people can clear their PCs of this material by running a program called "Evidence Cleaner" attached to the message, but the program does not actually look for porn. When activated, it runs malicious code that gives hackers access to the data on the computer.

"Many people are worried about the adult material that inhabits areas of the Internet, and don't want it to reach their PC," said Graham Cluley, senior technology consultant at Sophos. "It's also clear that the Internet is widely used for accessing hardcore sexual material. Either way, many people want to ensure that their PC contains no evidence of pornographic content, and may be tempted to follow this e-mail's instructions if they receive this worm. The Baba-C worm uses a dirty trick."

Sophos said that the e-mail carrying the worm has the subject line: "Important! XXX sites found on your computer!" It also contains the following text in the body of the message:

"Windows Evidence Checker has found XXX content on your computer. You can hide your activities with Evidence Cleaner service.

To run Evidence Cleaner click to quick shortcut attached.

Warning! Your copy of Evidence Cleaner will be expired after 7 days. Today you can register for FREE.

Please check attached instructions for more details."

By Thursday morning, Sophos said it had seen only a small number of copies of Baba-C.
