Sobig-F Worm Spreading Fast, Sophos Suspects Author Is Using Spam Techniques
Posted on 19.08.2003
Sophos has received reports of thousands of instances of the Sobig-F worm (W32/Sobig-F), which can spread via email or network shares. For the worm to spread this fast, Sophos believes that the virus writer may have launched it using spamming technology. When arriving via email, the worm can pose as an attached PIF or SCR file. Launching the attached file infects the computer.

"We have seen such a large influx of reports so quickly, it seems likely that the virus author gave his creation a kickstart using techniques usually employed by spammers. The result is that hundreds of thousands of copies of the Sobig-F worm are shunting around the internet, and some companies are finding their email systems are grinding to a halt," said Graham Cluley, senior technology consultant, Sophos Anti-Virus. "Many users know to be cautious about running unsolicited EXE files, but they should be equally wary about running PIF files or screensavers. All computer users should exercise caution when deciding what is safe to run on their computers."

Subject lines used are taken from a list, including "Re: That movie", "Re: Wicked screensaver", "Re: Approved" and "Your details". Like other variants of Sobig, the worm is programmed to stop working on a particular date; in this case, 10 September, 2003.

"Putting a 'dead-date' on his viruses suggests that the Sobig author is effectively test-driving his creations to see which tricks work best from the technical and psychological point of view," continued Cluley. "Releasing Sobig variants on different days of the week, and using slightly different subject lines and filenames, suggests that the worm's author may be trying to find the 'perfect' conditions under which his viruses can spread most quickly."

Sophos has posted a detailed description of the W32/Sobig-F worm, as well as a standalone disinfection tool, on its website at:
http://www.sophos.com/virusinfo/analyses/w32sobigf.html





Copyright 1998-2014 by Help Net Security.