Sophos

16 March 2008 13:34 GMT

Nuclear catastrophe in Switzerland only false alarm?

Worrying news is coming from Switzerland today. According to many emails I received from all over the world, an explosion happened 4 days ago in a power plant near Geneva and the nuclear cloud is spreading throughout Europe. Radiation is now really strong. I am very surprised that none of the major news agencies have spotted this. Must be another conspiracy by the nuclear lobby.

The text of the email follows:

[Image: nuclear catastrophe email]

A link to a video of the incident included in the email made me want to see what happened. I clicked on the link, but my brand new Windows system with many codecs I already installed to watch movies did not have the required codec installed.

[Image: nuclear disaster website]

So, to play the video I had to download it from the site, which was successful, but when I ran the installer iPIX-install.exe nothing happened. I wonder if I did something wrong? Maybe the installer was corrupt? I downloaded it again, but still no video of the explosion. I called my friends to tell them the bad news. They had not heard anything yet, fools.

For a person from Switzerland who uses computers mostly over weekends, to browse the internet, read news, watch movies and listen to music, I know quite a lot about technology. To make sure the codec was not corrupt I searched on Google for that installer file name and found out it may be connected with malware. Malware? I thought that malware destroys computers, deletes files and displays nasty messages. The other day in an email I even read that malware can destroy my TV set and my stereo, which was confirmed by Dell, Microsoft and IBM, but nothing like that happened here, nothing. Just in case, I downloaded anti-virus software called Sophos Anti-Virus, and when I ran it, to my surprise, it really detected the iPIX installer as a virus. I used my new anti-virus software to remove it. I swear I will keep it up-to-date from now on.

What I did not know before the malware attack, but I know now, is that if I were protected by good anti-spam and anti-virus software I would not get these emails at all. Even if I got them, my attempt to install the codec would be blocked by the anti-virus software. If, for example, I already had Sophos Anti-Virus installed, the codec would be detected as Troj/Agent-GSX and blocked by the on-access component of the scanner before it could do any harm to my computer. Even if the Trojan was not recognized by the scanner it would still be blocked by Sophos HIPS technology, the one that blocks suspicious behavior of programs. If I only had anti-virus software. My life would be less worrying and my computer would not be recruited into a botnet. I am sending this text to the kind people at SophosLabs, I hope they will publish it on their website. Who knows, maybe my experience will even help somebody?

- Van-Jean Sweitzeur, Switzerland

Vanja Svajcer, SophosLabs, UK