Sobig virus update

GovernmentSecurity.org > System Security > Trojan & Virus Errata

ComSec

Jun 28 2003, 06:42 PM

A new variant of the Sobig virus started spreading on Wednesday, raising the specter that spammers will have a host of new PCs to use as platforms for sending bulk e-mail. Initial analysis by antivirus companies indicated that the mass-mailing computer worm, called Sobig.E, doesn't have a malicious payload. However, e-mail service provider MessageLabs believes spammers will use the virus's mail program on victims' computers to send anonymous messages. "This is almost certainly being precipitated by a spammer that is trying to create more open relays to send spam," said Mark Sunner, chief technology officer for the U.K.-based company. An open relay is a computer that accepts e-mail bound for other destinations and then resends the messages anonymously. Using open relays allows spammers to hide the location from which they are sending bulk e-mail.

While there is no concrete proof that Sobig.E has been created and released by a spammer, Sunner said that many bulk e-mailers are already using computers infected with a previous variant of the computer virus to avoid leaving traces. Moreover, the fact that Sobig.E has an expiration date--it will stop spreading on July 14--suggests that the creator doesn't want its infection to turn into a full-blown epidemic, he said. In reality, the program is spreading quite successfully as a Zip-compressed e-mail attachment. Copies of the worm have been seen in 16 countries--including the United States, the United Kingdom and the Netherlands--according to MessageLabs. The virus had produced less than 1,000 e-mail messages from infected computers in the first few hours, said Sunner. That's much smaller than Sobig.C, which was responsible for 32,000 e-mail messages containing the virus in its first 24 hours....continued...

http://news.com.com/2100-1002_3-1020963.html

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.


Help - Search - Member List - Calendar Full Version: Sobig virus update GovernmentSecurity.org > System Security > Trojan & Virus Errata ComSec Jun 28 2003, 06:42 PM A new variant of the Sobig virus started spreading on Wednesday, raising the specter that spammers will have a host of new PCs to use as platforms for sending bulk e-mail. Initial analysis by antivirus companies indicated that the mass-mailing computer worm, called Sobig.E, doesn't have a malicious payload. However, e-mail service provider MessageLabs believes spammers will use the virus's mail program on victims' computers to send anonymous messages. "This is almost certainly being precipitated by a spammer that is trying to create more open relays to send spam," said Mark Sunner, chief technology officer for the U.K.-based company. An open relay is a computer that accepts e-mail bound for other destinations and then resends the messages anonymously. Using open relays allows spammers to hide the location from which they are sending bulk e-mail. While there is no concrete proof that Sobig.E has been created and released by a spammer, Sunner said that many bulk e-mailers are already using computers infected with a previous variant of the computer virus to avoid leaving traces. Moreover, the fact that Sobig.E has an expiration date--it will stop spreading on July 14--suggests that the creator doesn't want its infection to turn into a full-blown epidemic, he said. In reality, the program is spreading quite successfully as a Zip-compressed e-mail attachment. Copies of the worm have been seen in 16 countries--including the United States, the United Kingdom and the Netherlands--according to MessageLabs. The virus had produced less than 1,000 e-mail messages from infected computers in the first few hours, said Sunner. That's much smaller than Sobig.C, which was responsible for 32,000 e-mail messages containing the virus in its first 24 hours....continued... http://news.com.com/2100-1002_3-1020963.html This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.