[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Friday, 12 November, 2004, 08:31 GMT
Toxic web links help virus spread
Computer webcam, Eyewire
One Bofra variant promises pornographic webcam images
Virus writers have begun using the power of the web to spread their malicious wares.

A Windows virus called Bofra is turning infected machines into distributors of its malicious code.

Those clicking on the poisoned links in e-mail messages sent out by infected machines may fall victim to the virus.

The trick is being used to prevent the progam being caught by anti-virus software that combs through code contained in e-mail attachments.

Damaged goods

The virus that uses this trick is called Bofra and the first member of the family of worms appeared on 10 November. They exploit a Windows vulnerability that was discovered only a few days earlier.

funny photos :)
Like many other recent viruses, Bofra plunders the address book in Microsoft Outlook for e-mail addresses and scours other files on an infected machine for fresh target addresses.

The virus uses its own mail sending software to despatch e-mail messages to potential victims but, unlike many other recent viruses, does not itself travel via mail.

Instead the body of the mail messages sent out contain fake weblinks that, when clicked on, connect back to the machine that distributed that e-mail.

Essentially, Bofra turns infected machines into small web servers that happily dole out copies of the virus.

The messages try to trick people into clicking on the links by promising pornographic videos and images or by posing as payment confirmation for a Paypal transaction.

Screengrab of Bofra virus message, BBC
Clicking on the link will download the virus code
Copies of the messages seen by the BBC News website had bright yellow and green backgrounds.

Those clicking on the links will inadvertently download the Bofra virus which will then start searching for new addresses to send itself to.

Filtering firm Clearswift said this tactic of creating thousands of mini web servers was designed to help the virus spread quickly and avoid attempts to shut it down.

In the past other malicious programs have relied on a single web server that downloads viral code to target machines. Shutting down this central server usually stops the virus spreading.

Attack pattern

Clearswift said that fact that no viral code travels in the e-mail messages sent out by machines infected by Bofra could hamper effects to limit its spread.

Finnish anti-virus firm F-Secure said that, so far, it had not seen many copies of the Bofra virus and its variants in circulation.

Look at my homepage with my last webcam photos!
Congratulations! PayPal has successfully charged $175 to your credit card
Hi! I am looking for new friends. I am from Miami, FL.
Tim Warner, spokesman for anti-virus firm Finjan, said: "You have people getting very creative now to deliver the virus and get it propagating."

Mr Warner said organisations needed to prepare deep defences to keep out the modern form of malicious mobile code.

"Most firms have secured their e-mail gateway," said Mr Warner, "but the irony is that most of them let malicious content through the web gateways."

He said behavioural systems that monitor what users do can help to spot when viruses have penetrated organisations and have started hunting for other victims.

The Bofra family of viruses, which were originally thought to be offshoots of the MyDoom bug, can infect machines running Windows 2000, 95, 98, Me, NT, XP and Server 2003.

Users running Windows XP that have applied the SP2 update are not vulnerable to the loophole that Bofra exploits.

Joke e-mail virus tricks users
29 Oct 04 |  Technology
Top 20 computer threats unveiled
09 Oct 04 |  Technology
Cyber conmen 'hijack desktop PCs'
21 Oct 04 |  Technology
Q&A: The Mydoom virus
29 Jan 04 |  Technology
Microsoft takes down SP2 swappers
13 Aug 04 |  Technology
Windows XP security gets tighter
31 Mar 04 |  Technology

The BBC is not responsible for the content of external internet sites


News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific