
Security Strategy

Virus warning: Sobig worm stomps on PCs

Sobig not so clever

By Matthew Broersma

Published: 13 January 2003 16:02 GMT

A new virus, code-named W32/Sobig.A, is on the loose and spreading quickly, according to antivirus experts.

The worm was discovered late last week and has spread rapidly over the weekend. By Monday morning, Sobig was the third most prevalent virus on the internet, according to UK-based email security firm MessageLabs.

Sobig is a mass-mailing worm incorporating its own SMTP engine, according to antivirus companies. It arrives from the email address "big@boss.com" and bears a subject line such as "Re: here is that sample", "Re: Movies", "Re: Document" or "Re: Sample". The email contains an attachment called "Document003.pif", "Sample.pif", "Untitled1.pif" or "Movie_0074.pif".

It affects the Windows 95, 98, Me, NT, 2000 and XP platforms. The worm was originally not considered a serious threat, but has been upgraded due to its rapid spread.

When the attachment is clicked on, it runs a program that searches for files containing email addresses and uses these to send infected emails. It also connects to a website and downloads a text file containing another web address, from which it attempts to download and run another program. MessageLabs speculated that this program was a backdoor trojan horse, which could allow a hacker to take control of the user's PC.

If there is a local-area network connection, Sobig attempts to copy itself onto shared network folders.

It was first detected on Thursday in the Netherlands, according to MessageLabs, and is most active in the Netherlands, the UK and the US.

The worm has spread rapidly despite its reliance on an attachment that must be downloaded and launched by a user. However, many experts are predicting the imminent appearance of viruses that are able to infect millions of computers in a matter of minutes or seconds by attacking server vulnerabilities directly, without human intervention.

Last week's Lirva worm, which is still in MessageLabs' top five list, also spread through "social engineering" - tricking users into launching a damaging program.

Sophos, Symantec and McAfee have published instructions for blocking and removing the worm.
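The indicators reported above (sender address, subject lines and attachment names) can be checked at a mail gateway. The following is an added example, not code from the article or from any of the vendors named. It also flags any other .pif attachment, which goes beyond the four file names listed, and the function names and sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators exactly as reported in the article for W32/Sobig.A.
SENDER = "big@boss.com"
SUBJECTS = {"re: here is that sample", "re: movies", "re: document", "re: sample"}
ATTACHMENTS = {"document003.pif", "sample.pif", "untitled1.pif", "movie_0074.pif"}


def sobig_indicators(raw: bytes) -> list:
    """Return the Sobig.A indicators that one raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    # Compare only the address part, so a display name cannot hide the sender.
    if parseaddr(str(msg.get("From", "")))[1].lower() == SENDER:
        hits.append("sender")
    # Collapse whitespace and case before matching the subject line.
    if " ".join(str(msg.get("Subject", "")).split()).lower() in SUBJECTS:
        hits.append("subject")
    # Walk every MIME part, including nested ones, and check declared file names.
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if name in ATTACHMENTS:
            hits.append("attachment:" + name)
        elif name.endswith(".pif"):
            # Added generalisation: Windows runs .pif files as programs,
            # so a renamed attachment is still worth flagging.
            hits.append("pif-extension:" + name)
    return hits


def build_sample(sender: str, subject: str, filename: str) -> bytes:
    """Construct a test message; the attachment is a harmless placeholder."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("See attached.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for args in [("Big Boss <big@boss.com>", "Re: Movies", "Movie_0074.pif"),
                 ("alice@example.com", "Quarterly report", "report.pdf"),
                 ("alice@example.com", "Hello", "Photo.PIF")]:
        print(args[2], "->", sobig_indicators(build_sample(*args)))
```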

Matthew Broersma writes for ZDNet UK
