Panda reports the appearance of Famus.B

Discussion in 'malware problems & news' started by Randy_Bell, Oct 25, 2004.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    May 24, 2002
    Santa Clara, CA
    - Panda Software reports the appearance of Famus.B, a new worm
    that exploits the conflict in Iraq to spread -
    Virus Alerts, by Panda Software ( ​

    MADRID, October 25, 2004 - PandaLabs has detected a new worm called Famus.B, which uses so-called social engineering techniques to spread to users' computers. Famus.B spreads via email in a message in English and Spanish referring to the conflict in Iraq. To be more specific, it tries to trick users into believing that the file contains photographs of these dramatic events. This message has the following format:

    Iraq and the crime

    Message body:
    what is really happening in Iraq?
    the pictures of the soldiers and prisoners in Iraq
    foward this message.
    everybody should know the truth.

    Qué está sucediendo realmente en Iraq?
    Estas son las fotos de los prisioneros y los
    soldados en Iraq.
    Reenvia este mensaje, todo el mundo debe saber
    la verdad.

    The attached file, which actually contains the worm's code, is called Iraq.scr. What's more, the source code of this file contains the following message from the author of this malicious code:

    Esta computadora ha sido infectada
    por el virus LIBERTAD.
    Como protesta por la violación del
    derecho a la libertad de expresión en
    En estos momentos toda la información de
    disco duro esta siendo borrada
    El Hobbit

    If the user runs this file, Famus.B displays a false error message on screen with the text: File corrupted or bad format. The worm also sends itself out to all the addresses it finds in the files with a DOC, EML, HTM, and HTT extension on the affected computer. To do this, it uses an SMTP engine that it creates on the affected computer in the form of an OCX library file.

    Finally, Famus.B creates an entry in the Windows Registry in order to ensure that it is run whenever the affected computer is started up. Even though Panda Software's Tech Support services have not received any reports of incidents involving this worm, as it uses a current issue like the conflict in Iraq, this worm is likely to start causing incidents soon. For this reason, Panda Software advises users to take precautions and update their antivirus software. Panda Software has made the corresponding updates available to its clients to detect and disinfect this new malicious code.

    For further information about Famus.B and other computer threats, visit Panda Software's Virus Encyclopedia at:

    In addition, users can scan their computers online for free with the Panda ActiveScan, available at
Thread Status:
Not open for further replies.