Saddam Hussein 'death' photos used as worm bait

Photos of a "dead" Saddam Hussein are the lure for a new mass-mailing worm, Sophos warned on Thursday, in the latest instance of attackers using well-known figures as bait. The Bobax.H worm purports to offer photos that show that the former Iraqi leader was killed while attempting to escape from custody, the antivirus company said. "It's a brand new virus that converts users' PCs into spam factories," said Graham Cluley, a Sophos senior security consultant. "Although it hasn't reached epidemic proportions yet, it is spreading." The worm can spread via e-mail and by using the Microsoft LSASS vulnerability, the same flaw used by the Sasser worm to spread in record time. The vulnerability was reported 10 months ago, and a patch is available. Bobax.H, which affects PCs running Microsoft Windows, propagates when people open an e-mail attachment containing the virus, Sophos said in its advisory. It then attempts to forward itself to other e-mail addresses and vulnerable computers. Bobax-H will also try to disable antivirus and security software, as well as install an e-mail relay module to transform the PC into a spam factory. The attachments in the Bobax.H e-mails carry a number of different file names, and the body of the message varies too, Sophos said. Examples of message bodies include: "Saddam Hussein - Attempted Escape, Shot dead. Attached some pics that i found" and "Osama Bin Laden Captured. Attached some pics that i found."