Sophos warns of bilingual bogus Microsoft virus fix

NetXactics, local Sophos distributor, has announced that Sophos researchers have warned customers to be wary of a bilingual bogus Microsoft virus fix, which claims to protect against the MyDoom worm.

The W32/Roca-A worm (also known as W32/Sober-D), has already been sighted several times in the wild, and arrives in the form of an e-mail with the following characteristics:

Subject line:
Microsoft Alert: Please Read!

Message text:
New MyDoom Virus Variant Detected!

A new variant of the W32.Mydoom (W32.Novarg) worm spread rapidly through the Internet. Anti-virus vendor Central Command claims that 1 in 45 e-mails contains the MyDoom virus. The worm also has a backdoor Trojan capability. By default, the Trojan component listens on port 13468.

Please download this digitally signed attachment. This Update includes the functionality of previously released patches.

Attached to the e-mail is a ZIP file, which contains the W32/Roca-A worm. If the worm determines it is being sent to a German e-mail address, it presents itself in German language instead of English.

"As the Sober.C worm has shown in recent months, viruses which use more than one language when communicating with users can be more successful at not raising suspicion," said Brett Myroff, CEO of NetXactics. "Companies should ensure their anti-virus software is automatically updated, and screen for dangerous filetypes at their e-mail perimeter."