The Kedebe-F worm spreads via email using a variety of different subject lines and message bodies, according to analysts at Sophos, Inc., an anti-virus and anti-spam company with U.S. headquarters in Lynnfield, Mass. Users who are duped into opening an attached file risk downloading the worm, disabling their security software and spreading the virus to other users via email and P2P file sharing.
''Hackers are constantly trying to dupe computer users into running malicious code with the promise of breaking news stories,'' says Graham Cluley, senior technology consultant for Sophos. ''Using the late Pope's name is a sick trick designed to fool the unwary. Everyone should exercise extreme caution, run up-to-date anti-virus software, and ensure they never run unsolicited email attachments.''
Sophos analysts say the email uses a variety of false stories -- the death of the famed singer Michael Jackson, or the capture of terrorist leader Osama Bin Laden by U.S. forces, and even the arrest of the creator of the MyDoom worm by Microsoft.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i One version focuses on conspiracy theories surrounding the death of Pope John Paul II, who died this past spring. That message reads: ''someone sent me this document which is stolen from a secret government body and deals about John Paul's death. It says he was killed by two 'doctors' who were hired by some government bodies. The text attached contains all the story behind his death and who these doctors are.''
In April, analysts warned that spammers were taking advantage of people's interest in the pope and their emotions over his passing. It was part of a ''make-money-fast'' scheme.
''Internet criminals have no respect for taste and decency,'' says Cluley. ''All they're interested in is making money, and [making] other computer users' lives a misery... We wouldn't be surprised to see other public figures having their names abused by virus writers and spammers in the future.''
Sophos' online alert reports that so far the worm is not spreading widely.