According to U.K. message filtering firm Sophos, the Kedebe.f worm, which is bundled with mail as an attachment, uses a slew of social engineering-style subject heading and message text to fool users into opening the file, including one that poses as mail about the "arrest" of the MyDoom author.
"Author of MyDoom has been ARRESTED!" blares the subject head, said Sophos in its online alert, with the rest of the message reading "Hey, this is to tell you that the author of the Internet Worm 'MyDoom' has been arrested by Microsoft today. He is an OLD MAN, about 50s."
The MyDoom author (or authors) has yet to be found, although rewards totally $500,000 were posted by Microsoft and the SCO Group in early 2004, not long after the destructive -- and still prevalent -- worm debuted.
"Hackers are constantly trying to dupe computer users into running malicious code with the promise of breaking news stories," said Graham Cluley, senior technology consultant at Sophos.
Like many worms, Kedebe.f can pose as more than just one message, said Cluley. Among the bogus news its messages use are conspiracy theories about the death of Pope John Paul II, the death of Michael Jackson (again), Osama bin Laden's capture (ditto), and "J Lo with no closes [sic] on!"
Cluley had especially unkind words for the hacker who dreamed up the story about the former Pope, who was the victim, so says the scam message, of a secret conspiracy by an unknown group of governments. "Using the late Pope's name is a sick trick," said Cluley.