Sobig worm keeps on growing

The surge in e-mail messages containing the worm pushed Sobig.C to the top position on the U.K. company's list of most prevalent threats.

The third variant of the Sobig worm really adds nothing new, said Vincent Gullotto, vice president of the antivirus emergency response team at computer security company Network Associates

"The only thing I find interesting is that after the first two people, users were still opening and clicking on this," he said.

Network Associates raised Sobig.C's rating to a medium threat on Sunday, following a surge in customer reports of the infectious program. The company says it is getting 30 to 50 submissions of the virus from customers every day.

On Monday, the virus accounted for almost 34,000 e-mail attachments blocked by MessageLabs' mail gateway. The United Kingdom accounted for nearly half of all e-mail traffic caused by the worm, while the second-largest pool of victims--the United States--accounted for about a sixth.

The number of e-mail messages sent by systems infected with the Sobig variant is only an indirect measure of the program's spread across the Internet. However, the data is perhaps the best currently available indicator of the number of infected systems.

Sobig.C infects Windows 95, 98, Me, NT, 2000 and XP systems when users open an attachment after receiving an e-mail generated by the program. The e-mail appears to come from several different addresses--including bill@microsoft.com--and contains any of the following subject lines: "Approved," "Re: 45443-343556," "Re: Application," "Re: Approved," "Re: Movie," "Re: Screensaver," "Re: Submited (004756-3463)," and "Re: Your application."

Once opened, the virus program will spread to any networked hard drive shared with the compromised system and search the current computer for e-mail addresses to which it will send a copy of itself. If the date is June 8 or later, the virus won't try to spread.

• Related stories

• Alerts

Add your opinion

The only thing that will stop ...Anonymous -- 04/06/03

The only thing that will stop the worms spreading is better education of the email users. Why do they open the attachments. It can't mean anything to them. Is it idle curiosity or aren't they concerned about losses to their company.

• Reply to comment
• Reply to story
• Report offensive content

If someone gets an unexpected ...Anonymous -- 04/06/03

If someone gets an unexpected e-mail message with an attachment, my advice is never open it.

You must configure your Outlook Express to block opening of any such suspicious message and get an anti-virus program running.

• Reply to comment
• Reply to story
• Report offensive content

I received a couple of these i ...Anonymous -- 08/07/03

I received a couple of these in my yahoo mailbox....one was labeled RE: MOVIE

Since I hadn't sent anything labeled MOVIE, I didn't believe it. In addition, the attachment was labeled as an "unknown file format", and my link to have Norton AV scan it before downloading was missing from it's usual spot...sneaky!

Immediate delete!

• Reply to comment
• Reply to story
• Report offensive content

• Just In

• Most Popular

• Most Discussed

Reader Services

Popular Topics

Essentials