Unzip at Your Peril - It May be Sobig Worm
Posted on 26.06.2003
Sophos's customer support service has received many reports from businesses attacked by the latest variant of the Sobig worm.

Sobig-E (W32/Sobig-E), first seen 25th June, is the fifth variant of the Sobig worm - but varies from its older siblings as it spreads itself in the form of a ZIP file.

Even though the user has to unZIP the offending file and launch its content to become infected, some business networks are still falling victim to the worm. Sophos advises all businesses to keep their virus protection up-to-date and educate their users about the perils of unsolicited code.

"Sobig-E is different from your typical worm as it spreads as a ZIP file. This means even if a company has a forward-thinking security policy of blocking executable code - the usual carrier for email worms - Sobig-E can sneak past and dupe people into running its code," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "The best defence against Sobig-E is to get into the habit of never running unsolicited code and keep your email gateway and desktop virus protection up-to-date."

Sobig-E is programmed to fall dormant on 14 July, indeed all the Sobig worms have had limited lifespans. If the virus writer continues with this pattern, Sophos says it would not be surprised if a sixth version of the worm were released shortly after the demise of Sobig-E.

More details of Sobig-E can be found at: http://www.sophos.com/virusinfo/analyses/w32sobige.html


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th