New Sobig strain hijacks PCs to relay spam
Published: 26 Jun 2003 07:55 BST
A new variant of the Sobig virus started spreading on Wednesday, raising the spectre that spammers will have a host of new PCs to use as platforms for sending bulk email.
Initial analysis by antivirus companies indicated that the mass-mailing computer worm, called Sobig.E, doesn't have a malicious payload. However, email service provider MessageLabs believes spammers will use the virus's mail program on victims' computers to send anonymous messages.
Click here to find out more about Sobig.e and how to remove it.
"This is almost certainly being precipitated by a spammer that is trying to create more open relays to send spam," said Mark Sunner, chief technology officer for the UK-based company.
An open relay is a computer that accepts email bound for other destinations and then resends the messages anonymously. Using open relays allows spammers to hide the location from which they are sending bulk email.
While there is no concrete proof that Sobig.E has been created and released by a spammer, Sunner said that many bulk emailers are already using computers infected with a previous variant of the computer virus to avoid leaving traces. Moreover, the fact that Sobig.E has an expiration date -- it will stop spreading on July 14 -- suggests that the creator doesn't want its infection to turn into a full-blown epidemic, he said.
In reality, the program is spreading quite successfully as a Zip-compressed email attachment. Copies of the worm have been seen in 16 countries -- including the United States, the United Kingdom and the Netherlands -- according to MessageLabs. The virus had produced less than 1,000 email messages from infected computers in the first few hours, said Sunner. That's much smaller than Sobig.C, which was responsible for 32,000 email messages containing the virus in its first 24 hours.
The virus appears in a recipient's in-box with the subject line "Re: Movie" or "Re: Application." The body of the message states, "Please see the attached zip file for details." The malicious program is contained in an 80KB attachment to the message. It infects any PC running a Microsoft Windows operating system when the attachment is opened.
Antivirus software maker Symantec planned to update its antivirus definitions at midday on Wednesday to detect and remove Sobig.E. The company rated the virus a "2" on its five-point scale, with "5" being the largest threat. More than 30 of the company's clients had reported the virus to Symantec, said Sharon Ruckman, senior director of the company's security response team.
"That's pretty significant on the corporate side," she said.
To prevent infecting their computer, email users shouldn't open attachments, even from people known to them, unless they specifically asked for the file first.
Let the editors know what you think in the Mailroom.
Did you find this article useful?
40 out of 82 people found this useful
- Share this article:
