New strain of Sobig virus circulating

Free Newsletters

Log-in | Register

New strain of Sobig virus circulating 'Level 2 Alert' indicates a large number of infections
By Paul Roberts, IDG News Service August 19, 2003			E-mail Printer Friendly Reprints Slashdot It!

Antivirus companies warned Tuesday that a new version of the Sobig virus is rapidly spreading on the Internet, the latest in a string of Sobig computer worms to be released.

Free IT resource

Virtualization Insights from Top Experts - Learn how virtualization gets real!

Sponsored by Microsoft

The new worm, W32.Sobig.F, first appeared on Tuesday, prompting antivirus software companies to release updated virus identity files to detect and stop the new threat.

F-Secure Corp. of Helsinki rated Sobig.F a "Level 2 Alert," indicating a large number of infections. Sophos said that it had received "many reports" of the latest Sobig worm from customers.

The first Sobig worm appeared in January, infecting machines running Microsoft's Windows operating system.

Like that worm, Sobig.F spreads through infected e-mail message attachments and unprotected shared folders on computer networks, modifying a computer's operating system so that the Sobig.F worm code is run whenever Windows is started, antivirus companies said.

When opened, the worm places a copy of itself into the Windows folder on the infected machine, creates a process to run the worm program and modifies the Windows registry so that the worm program will be launched whenever Windows is started.

Sobig.F, like its predecessors, comes with its own SMTP (Simple Mail Transfer Protocol) engine which it uses to mail copies of itself to e-mail addresses it skims from file and e-mail address books on a victim's computer, Sophos said.

The worm arrives in e-mail messages with nondescript subjects such as "Re: Thank you!" "Your details" and "Re: wicked screensaver." The worm code is stored in attached executable files with names such as "your_document.pif," "details.pif" and "movie0045.pif," according to F-Secure.

However, unlike earlier strains of Sobig, the F-strain is more savvy in its efforts to trick users into opening the infected file that launches the worm.

All versions of the original Sobig worm were sent from the same e-mail address, big@boss.com, and a later variant posed as an e-mail message from Microsoft Chairman and Chief Software Architect Bill Gates. In contrast, Sobig.F inserts e-mail addresses stolen from the victim's computer into the "From:" field, creating the impression that the e-mail was sent from a trusted source, F-Secure said.

Like earlier Sobig variants, Sobig.F comes with an expiration date. The worm will stop spreading on Sept. 10. Copies of Sobig.F that are launched after that date will shut down immediately, F-Secure said.

In the past, new Sobig strains have appeared soon after previous strains expired.

Antivirus companies recommend that customers update their antivirus software and have posted instructions and free tools for disinfecting machines infected by Sobig.

E-mail

Printer Friendly

Reprints

Slashdot It!

TOP NEWS:

» Yahoo tells Icahn that its own board knows best
Yahoo claims that Icahn's proposal shows a 'significant misunderstanding' of how Microsoft's buyout offer was handled

» Does Icahn have a backup plan?
Carl Icahn is trying to force Yahoo back to the bargaining table with Microsoft, but if Microsoft is no longer interested, he'll need to have other options available

» Sprint: WiMax cleared for commercial use
Sprint has completed nearly a year's worth of testing and has now declared WiMax up to commerical deployment standards

» Tools circulate that crack Debian, Ubuntu keys
The tools take advantage of a recently discovered vulnerability and can be used to forge digital signatures and steal confidential information

» Facebook to Google: Friend Disconnect
Facebook cites violation of its terms of service as grounds for blocking Google's Friend Connect from accessing social network's members' data

» U.S. to investigate semiconductor patent complaints
LSI and subsidiary Agere Systems ask ITC to bar imports by companies violating their patent for semiconductor chips containing tungsten metal

Virtualization: A Step by Step Approach to Success
Your virtual machines can be up and running in a matter of minutes. HP and Citrix have integrated XenServer with HP ProLiant servers and management tools, powered by hardware-assisted Intel Virtualization Technology to enable high- performance, cost-savings solutions for server consolidation and disaster recovery. Sponsor: HP

» Click here to view this Webcast

The Data Protection You've Been Looking For
Enterprise data is of supreme importance. If you can't find it quickly, it's worthless. If you lose it, it's a crisis. This IT Strategy Guide explores how to keep your data safe.

» Click here to download now

- Special Advertising Partners -

WHITE PAPERS

Improve Resource Utilization and Lower Operating Costs - Virtualization is becoming more important in the data center, and to the small business. Better utilization of hardware...
Protect Your Data with SSL - Discover how to increase customer confidence in your site with the latest solution in SSL, Extended Validation (EV) SSL ...
Need simple, low cost server virtualization? - Do more with less. Support fewer servers. Simplify disaster recovery. Implement proven, easy-to-use server virtualization...
Virtually Limitless Virtual Storage - Do you need virtualization space savings of 50% or more with virtually no performance impact? You might be able to get storage...
Invisible IT? - The goal of IT is to become an invisible entity within a larger organization. Eliminating visibility and road blocks IT ...
It Really Is Easy to be Green - "Green IT" is a popular concept. And IT organizations are learning the influence that IT purchase decisions have on data...

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Find out when the latest white paper is available:

INFOWORLD MARKETPLACE

Deliver REMOTE SUPPORT Easily. Try WebEx FREE! - DOWNLOAD WEBEX SUPPORT CENTER FREE! Deliver efficient, effective support. CRUSH SUPPORT LOG JAMS!
Migrating to an IP-VPN? XO Can Make It Happen - Learn the five critical success factors with a free whitepaper from XO Enterprise Solutions.
Sign up to TRY WEBEX SUPPORT CENTER FOR FREE! - Get your FULL FEATURED trial here. Share documents and applications, address support challenges.
IP Networks Boost Secure Health Communications - AT&T provides secure communication to keep health care moving forward.
Why a CMDB? - IT best practices (ITIL) have shown the benefits of a CMDB. Click for whitepapers.

» BUY A LINK NOW

TECH WATCH

What's the 411 on GOOG-411?
Just as Google has become synonymous with "performing a Web search," 411 is understood to mean "information" -- as in "what's the 411?" I was thus surprised to discover, from a billboard, no less, that the king of search is taking on the ...

Apple HTML source reveals 'iPhone Extreme'
"This one's a stretch..." reports AppleInsider. Um, yeah. Reporting on HTML code sightings of product names could be called a stretch, but iPhone Extreme has a ring to it. Now, that sounds like the product Apple should have released first, rather ...

COLUMNISTS

Unified under law

(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...

» MORE COLUMNISTS

MORE INFOWORLD BLOGS

Open Sources

Product Management
When I joined MySQL four years ago, there was quite a lot of debate about product management. We didn't actually have ...

Zero Day

Botnet herders tending smaller flocks
New research backs up the theory that botnet operators are keeping their networks smaller in a continued effort to keep ...

• Advice Line
• Database Underground
• The Deep End
• Enterprise Mac
• Geeks in Paradise
• Grid Meter
• The Gripe Line
• InfoWorld Daily
• Inside IT
• IT Troubleshooter
• ITXtreme
• Open Sources
• ProdBlog
• Real World SOA
• Reality Check
• Security Adviser
• SMB IT
• The Storage Network
• Tech Watch
• Virtualization Report
• Zero Day

RESOURCE CENTER	advertisement
Ads by techwords beta See your link here

GOVERNMENT IT & POLICY
•	'If you don't go after the network, you're never going to stop these guys. Never.'
•	From the State Department, All the News for Inquiring Minds
•	TechPresident, the Internet Citizenry's New Consensus Taker

Sponsored Technology Links
Qwest - Learn how Qwest voice and data solutions can save you time. MKS - The Power of UNIX/Linux on Windows with MKS Toolkit CA - Manage your IT more effectively. Efficient - Flexible - Compliant CA - Plan better, manage better. Vision Solutions - Is your smaller organization ready for High Availability? Vision Solutions - Is system maintenance doing more harm than good? HP - NEW HP LaserJet P4014n printer Starting at $699 after $100 IS. Rackspace - Fanatical Support Promise: Live Support 24x7x365 HP - HP LaserJet M3035 MFP series Starting at $1,599. SHOP NOW Collabnet - Virtual Test Lab Automation: Manage development infrastructure HP - StorageWorks All-in-One Storage Systems. hp.com/betterstorage HP - Improve Resource Utilization and Lower Operating Costs Ipswitch - WhatsUp Gold V12 - network management & monitoring for any size network. HP - Webcast: 5 Things You Need to Know About Storage Virtualization Xerox - Typhoon 8860: Enter to win a Xerox PhaserTM 8860 network color printer! BEA - Webcast: Dialing up Agility with Business Transformation Verisign - Protect Your Data with SSL HP - Speed, agility, flexibility - The HP BladeSystem c-Class. InterSystems - Development, integration, BPM, and BAM together in Ensemble Citrix - Need simple, low cost server virtualization? AMD - We're putting more and more of our energy into saving IT Xerox - Enter to win a Xerox Phaser(TM) 6180 network color printer! Mindreef - Key Strategies For SOA Testing		Citrix - Go green.Virtualize servers with Citrix XenServer(TM) - FREE Citrix - Instant server virtualization. Citrix XenServer(TM) - Free! HP - Virtualization: A Step by Step Approach to Success Microsoft - Tech-Ed 08\|Microsoft's largest tech conference\|June 08 in Orlando Neterion - The Missing Piece of Virtualization Seagate - Maxtor OneTouch(tm) 4 Mini backs up your PC on the go Box.net - Upgrade Your Classic Collaboration Tools Overland Security - The Data Protection You've Been Looking For Lefthand Networks - Free White Paper on Matching Server & Storage Virtualization Vkernel - Resolve Capacity Bottlenecks and Enhance Your Virtual Environment Tripwire - Secure your virtual and physical environments with the same software. Crosscheck Networks - Accelerate Your SOA Projects Nokia - Restore Your Mobile Devices With One Click Oracle - The Power of Two with SOA and BPM Microsoft - Microsoft Forefront security products for business. Learn more. Oracle - Fueling the Responsive Enterprise Microsoft - Meet Windows Server 2008. The server unleashed. Microsoft - Tech-Ed 08\|Microsoft's largest tech conference\|June 08 in Orlando Microsoft - {Open Source} Heroes Happen Here Xerox - Enter to win a Xerox Phaser(TM) 6360 network color printer! Vizioncore - Vizioncore has solutions for virtually any virtual need.

	HOME NEWS BLOGS PODCASTS VIDEOS TECHNOLOGIES TEST CENTER EVENTS CAREERS IT EXEC-CONNECT	About \| Advertise \| Awards \| RSS \| Contact Us
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. CIO :: ComputerWorld :: CSO :: Demo :: GamePro :: Games.net :: IDG Connect :: IDG World Expo Industry Standard :: IT World :: JavaWorld :: LinuxWorld :: MacUser :: Macworld :: Network World :: PC World :: Playlist