Unzip at Your Peril - It May be Sobig Worm
Posted on 26.06.2003
Sophos's customer support service has received many reports from businesses attacked by the latest variant of the Sobig worm.

Sobig-E (W32/Sobig-E), first seen 25th June, is the fifth variant of the Sobig worm - but varies from its older siblings as it spreads itself in the form of a ZIP file.

Even though the user has to unZIP the offending file and launch its content to become infected, some business networks are still falling victim to the worm. Sophos advises all businesses to keep their virus protection up-to-date and educate their users about the perils of unsolicited code.

"Sobig-E is different from your typical worm as it spreads as a ZIP file. This means even if a company has a forward-thinking security policy of blocking executable code - the usual carrier for email worms - Sobig-E can sneak past and dupe people into running its code," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "The best defence against Sobig-E is to get into the habit of never running unsolicited code and keep your email gateway and desktop virus protection up-to-date."

Sobig-E is programmed to fall dormant on 14 July, indeed all the Sobig worms have had limited lifespans. If the virus writer continues with this pattern, Sophos says it would not be surprised if a sixth version of the worm were released shortly after the demise of Sobig-E.

More details of Sobig-E can be found at: http://www.sophos.com/virusinfo/analyses/w32sobige.html


Don't sink your network

Too many of today’s networks are easy to sink. One attack pierces the perimeter, and all of the organisation's most sensitive data comes rushing out. Soon after, their logo is slapped across the evening news as the pundits start circling the water.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Oct 13th