Sobig Strikes Again And Again... - InformationWeek

Sobig Strikes Again And Again...

It's back, and it's causing more trouble.

The Sobig E-mail virus that made its debut in the beginning of the year keeps coming back, with the latest variant spreading quickly, antivirus experts said Tuesday.

The new version, code-named W32/Sobig.F-mm, first appeared Monday and soon led to a "medium-risk" listing by antivirus company Network Associates Technology Inc. "The infection rate is very steady and comparable with the other variants," says Craig Schmugar, research engineer for the company.

Indeed, the number of virus-carrying E-mails intercepted by MessageLabs Inc. increased from 10,000 at 8:30 a.m. EST Tuesday to more than 100,000 by 1 p.m. EST. "It's a lot, but there have been a number of other viruses with a faster infection rate," a MessageLabs spokesman says. "In terms of Sobig variants, it's up there with the last one."

MessageLabs, which monitors corporate E-mail traffic for spam, viruses, and other nuisances, has intercepted 360,000 E-mails infected with the previous variant, Sobig.E, since it appeared June 25. Typically, these viruses spread quickly during the first 12 to 24 hours, then trail off as fast as they started as companies and home PC users update their antivirus software.

Sobig.F is arriving in E-mail under a subject line that typically says "re:details," "details," "your details," "thank you," or "resume." The sender is disguised as someone that may be familiar to the recipient, such as the name of a company or person.

Once the attachment containing the virus is opened, Sobig steals E-mail addresses from several different locations on the computer, including the Windows address book and Internet cache, then sends copies of itself out to those addresses. The virus, which sends multiple E-mails concurrently, selects addresses randomly for use as the sender, attempting to fool recipients into thinking the E-mail is from a company or other legitimate source.

"Hackers are always trying new techniques to get you to open the virus," the MessageLabs spokesman says. "One of the ways is called spoofing, making you think the E-mail is coming from a trusted vendor."

The attachments' names may include your_document.pif, details.pif, your_details.pif, thank_you.pif, movie0045.pif, document.Fall.pif, application.pif, and document.9446.pif.

Because of its mass-mailing capabilities, Sobig can eat up bandwidth and slow a company's network performance. The virus, however, isn't considered as malicious as others, since it doesn't delete files or damage the infected PC.

Nevertheless, the bigger danger lies in its ability to open a port in a computer, enabling a hacker to upload a Trojan. The small application can let a hacker take control of a computer or search for passwords in the system to break into people's online accounts.

Spammers also use Trojans to send out mass mailings through someone else's PC, hiding the originator of the spam.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2018 State of the Cloud
2018 State of the Cloud
Cloud adoption is growing, but how are organizations taking advantage of it? Interop ITX and InformationWeek surveyed technology decision-makers to find out, read this report to discover what they had to say!
Don't Collect Biometric Data Without Providing Notice
Lisa Morgan, Freelance Writer,  2/1/2019
AI and the Next Recession
Guest Commentary, Guest Commentary,  1/24/2019
The Title Machine Learning Engineer Will Start to Disappear
Guest Commentary, Guest Commentary,  2/7/2019
Register for InformationWeek Newsletters
Current Issue
Security and Privacy vs. Innovation: The Great Balancing Act
This InformationWeek IT Trend Report will help you better understand and address the growing challenge of balancing the need for innovation with the real-world threats and regulations.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll