Three days after a new MyDoom variant was reported using porn as its bait, another porn-baiting bug has been found—this one tricking users into falling for it by warning about undetected porn on their machines and offering a phony cleanup program.
Called Baba-C (W32/Baba-C), this bug tells users they can clean out the heretofore unsuspected porn with a program called Evidence Center—but clicking on the attached file does nothing but run Baba-C, which tries to forward itself to e-mail addresses on the victim's computer, and open backdoors for hackers.
Needless to say, no porn will be found on the computer by way of the messages and attachment which tries to disguise itself as a Web link, according to antivirus maker/Internet security firm Sophos, which reported Baba-C January 18.
"Many people are worried about the adult material that inhabits areas of the internet, and don't want it to reach their PC," said Sophos senior tech consultant Graham Cluley in a statement.
"It's also clear that the Internet is widely used for accessing hardcore sexual material," he continued. "Either way, many people want to ensure that their PC contains no evidence of XXX content, and may be tempted to follow this email's instructions if they are sent this worm. The Baba-C worm is using a dirty trick. Our advice, as always, is to keep your antivirus software up-to-date and never launch an unsolicited email attachment."
Thus far, Cluley said, only a small number of computers have actually become infected with Baba-C.
Three days earlier, MyDoom.AI/I-Worm.MyDoom.AE was reported having been discovered trying to trick e-mail recipients and peer-to-peer users into opening it by promising free access to password-protected porn Websites.
