A worm that seeks to tempt Windows users into infection by promising "death pictures" of Saddam Hussein has begun doing the rounds on the net. The Bobax-H (http://www.sophos.com/virusinfo/analyses/w32bobaxh.html) worm offers up infected email attachments posing as “photographic evidence” that the former Iraqi dictator has been killed during an attempted escape bid from custody. Bobax-H also tries to spread by using the same vulnerability (MS04-011 (http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx)) used by the infamous Sasser worm.

Emails generated by Bobax-H come with a variety of message texts including: "Saddam Hussein - Attempted Escape, Shot dead. Attached some pics that i found". Other variations in subject lines used by the worm claim to have pictures of a captured Osama Bin Laden.

Windows users induced into running infected attachments will load a backdoor email relay module onto their PCs which can be used by ne'er-do-wells to distribute spam. The virus is in the wild but it isn't spreading rapidly. Anti-virus vendors rate Bobax-H as a low risk. ®

Related stories

Email worm poses as Osama videogram (http://www.theregister.co.uk/2004/11/05/osama_email_worm/)
Sasser worm creates havoc (http://www.theregister.co.uk/2004/05/04/sasser_worm/)
German customs grab Saddam's left leg (http://www.theregister.co.uk/2004/11/10/cutomes_grab_sadaams_leg/)