Sobig Strikes Again And Again... - InformationWeek


It's back, and it's causing more trouble.

The Sobig E-mail virus that made its debut in the beginning of the year keeps coming back, with the latest variant spreading quickly, antivirus experts said Tuesday.

The new version, code-named W32/Sobig.F-mm, first appeared Monday and soon led to a "medium-risk" listing by antivirus company Network Associates Technology Inc. "The infection rate is very steady and comparable with the other variants," says Craig Schmugar, research engineer for the company.

Indeed, the number of virus-carrying E-mails intercepted by MessageLabs Inc. increased from 10,000 at 8:30 a.m. EST Tuesday to more than 100,000 by 1 p.m. EST. "It's a lot, but there have been a number of other viruses with a faster infection rate," a MessageLabs spokesman says. "In terms of Sobig variants, it's up there with the last one."

MessageLabs, which monitors corporate E-mail traffic for spam, viruses, and other nuisances, has intercepted 360,000 E-mails infected with the previous variant, Sobig.E, since it appeared June 25. Typically, these viruses spread quickly during the first 12 to 24 hours, then trail off as fast as they started as companies and home PC users update their antivirus software.

Sobig.F is arriving in E-mail under a subject line that typically says "re:details," "details," "your details," "thank you," or "resume." The sender is disguised as someone who may be familiar to the recipient, such as the name of a company or person.

Once the attachment containing the virus is opened, Sobig steals E-mail addresses from several different locations on the computer, including the Windows address book and Internet cache, then sends copies of itself out to those addresses. The virus, which sends multiple E-mails concurrently, selects addresses randomly for use as the sender, attempting to fool recipients into thinking the E-mail is from a company or other legitimate source.

"Hackers are always trying new techniques to get you to open the virus," the MessageLabs spokesman says. "One of the ways is called spoofing, making you think the E-mail is coming from a trusted vendor."

The attachments' names may include your_document.pif, details.pif, your_details.pif, thank_you.pif, movie0045.pif, document.Fall.pif, application.pif, and document.9446.pif.
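The subject lines and attachment names listed above can be turned into a simple mail-gateway check. The following is an added example, not part of the original article or any vendor's code; the function names (`normalize_subject`, `check_message`, `build_sample`) and the sample messages are hypothetical and constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the article text (lower-cased for comparison).
SUBJECTS = {"re:details", "details", "your details", "thank you", "resume"}
ATTACHMENTS = {
    "your_document.pif", "details.pif", "your_details.pif", "thank_you.pif",
    "movie0045.pif", "document.fall.pif", "application.pif", "document.9446.pif",
}

def normalize_subject(subject):
    """Lower-case and collapse whitespace so 'Re:  Details' equals 're:details'."""
    s = " ".join((subject or "").lower().split())
    return s.replace("re: ", "re:")

def check_message(raw_bytes):
    """Return the list of reasons a raw RFC 822 message matches the indicators."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    if normalize_subject(msg["Subject"]) in SUBJECTS:
        reasons.append("subject")
    for part in msg.walk():  # visits every MIME part, including nested ones
        name = (part.get_filename() or "").strip().lower()
        if not name:
            continue
        if name in ATTACHMENTS:
            reasons.append("attachment-name:" + name)
        elif name.endswith(".pif"):
            # The article says names "may include" its list, so flag any .pif.
            reasons.append("pif-extension:" + name)
    return reasons

def build_sample(subject, filename=None):
    """Build a constructed test message; the attachment body is a placeholder."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "rcpt@example.com"
    m["Subject"] = subject
    m.set_content("Please see the attached file.")
    if filename:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fname in [("Re: Details", "your_details.pif"), ("Lunch?", None)]:
        print(subj, "->", check_message(build_sample(subj, fname)))
```

The subject lines are generic phrases, so a subject-only match is better treated as a weak signal to combine with the attachment check than as grounds to block on its own.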

Because of its mass-mailing capabilities, Sobig can eat up bandwidth and slow a company's network performance. The virus, however, isn't considered as malicious as others, since it doesn't delete files or damage the infected PC.

Nevertheless, the bigger danger lies in its ability to open a port in a computer, enabling a hacker to upload a Trojan. The small application can let a hacker take control of a computer or search for passwords in the system to break into people's online accounts.

Spammers also use Trojans to send out mass mailings through someone else's PC, hiding the originator of the spam.
