Sobig not so clever
Published: 13 January 2003 16:02 GMT
A new virus, code-named W32/Sobig.A, is on the loose and spreading quickly, according to antivirus experts.
The worm was discovered late last week and has spread rapidly over the weekend. By Monday morning, Sobig was the third most prevalent virus on the internet, according to UK-based email security firm MessageLabs.
Sobig is a mass-mailing worm incorporating its own SMTP engine, according to antivirus companies. It arrives from the email address "big@boss.com" and bears a subject line such as "Re: here is that sample", "Re: Movies", "Re: Document" or "Re: Sample". The email contains an attachment called "Document003.pif", "Sample.pif", "Untitled1.pif" or "Movie_0074.pif".
It affects the Windows 95, 98, Me, NT, 2000 and XP platforms. The worm was originally not considered a serious threat, but has been upgraded due to its rapid spread.
When the attachment is clicked on, it runs a program that searches for files containing email addresses and uses these to send infected emails. It also connects to a website and downloads a text file containing another web address, from which it attempts to download and run another program. MessageLabs speculated that this program was a backdoor trojan horse, which could allow a hacker to take control of the user's PC.
If there is a local-area network connection, Sobig attempts to copy itself onto shared network folders.
It was first detected on Thursday in the Netherlands, according to MessageLabs, and is most active in the Netherlands, the UK and the US.
The worm has spread rapidly despite its reliance on an attachment that must be downloaded and launched by a user. However, many experts are predicting the imminent appearance of viruses that are able to infect millions of computers in a matter of minutes or seconds by attacking server vulnerabilities directly, without human intervention.
Last week's Lirva worm, which is still in MessageLabs' top five list, also spread through "social engineering" - tricking users into launching a damaging program.
Sophos, Symantec and McAfee have published instructions for blocking and removing the worm.
Matthew Broersma writes for ZDNet UK
Ensuring that time recording is carried out correctly and accurately and that activity codes are appropriate to project and administrative ...
The team is spread across 4 locations in EMEA and this person will provide a key role in daily support and maintenance of all mission-critical ...
Network Engineer (Linux / Unix, Cisco) Spread Betting Location:London Salary:To 45k + bonus + benefits Description Network Engineer (Linux / Unix, ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business
Jon Collins Is losing a mobile device really such a big deal? How to minimise the damage to your business