Advertisement
Promo

Industry watch Toolkit

Sobig worm stomps on PCs

Matthew Broersma ZDNet.co.uk

Published: 13 Jan 2003 13:37 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Antivirus experts are warning of a new virus, code-named W32/Sobig.A, which was discovered late last week and spread rapidly over the weekend. By Monday morning, Sobig was the third most prevalent virus on the Internet, according to UK-based email security firm MessageLabs.

Sobig is a mass-mailing worm incorporating its own SMTP engine, according to antivirus companies. It arrives from the email address "big@boss.com" and bears a subject line such as "Re: here is that sample", "Re: Movies", "Re: Document" or "Re: Sample". The email contains an attachment called "Document003.pif", "Sample.pif", "Untitled1.pif" or "Movie_0074.pif".

It affects the Windows 95, 98, Me, NT, 2000 and XP platforms. The worm was originally not considered a serious threat, but has been upgraded due to its rapid spread.

When the attachment is clicked on, it runs a program that searches for files containing email addresses and uses these to send infected emails. It also connects to a Web site and downloads a text file containing another Web address, from which it attempts to download and run another program. MessageLabs speculated that this program was a backdoor trojan horse, which could allow a hacker to take control of the user's PC.

If there is a local-area network connection, Sobig attempts to copy itself onto shared network folders.

It was first detected on Thursday in the Netherlands, according to MessageLabs, and is most active in the Netherlands, the UK and the US.

The worm has spread rapidly despite its reliance on an attachment that must be downloaded and launched by a user. However, many experts are predicting the imminent appearance of viruses that are able to infect millions of computers in a matter of minutes or seconds by attacking server vulnerabilities directly, without human intervention.

Last week's Lirva worm, which is still in MessageLabs' top five list, also spread through "social engineering" -- tricking users into launching a damaging program.

Sophos, Symantec and McAfee have published instructions for blocking and removing the worm.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.

Let the editors know what you think in the Mailroom.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
32 out of 65 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Industry watch


Company/Topic Alerts

Create a new alert from the list below:






Discussions

Tezzer Tezzer

The only surprise...

Wednesday 16 December 2009, 1:47 PM

3 comments
ator1940 ator1940

Cloud apps

Wednesday 16 December 2009, 1:33 PM

1 comment
ator1940 ator1940

MS copy?

Wednesday 16 December 2009, 1:25 PM

3 comments
J.A. Watson J.A. Watson

Big Surprise... NOT!

Wednesday 16 December 2009, 12:05 PM

3 comments

View All

Video icon

Video

Featured Talkback

In association with Network Liberation Movement
When all is said, if Microsoft produce the best product people will buy it and thats a good thing. If people have to buy their product because no one else can produce an alternative, only because interoperability protocols are kept secret, then thats a bad thing.

By: pround

Read full story:
EU court crushes Microsoft's antitrust appeal


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters