New worm variant disguised as e-mail from Gates

Free Newsletters

Log-in | Register

New worm variant disguised as e-mail from Gates Potent new version of Sobig virus spreading
By Paul Roberts, IDG News Service June 03, 2003			E-mail Printer Friendly Reprints Slashdot It!

A potent new variety of the Sobig e-mail virus is spreading on the Internet, according to warnings from a number of leading antivirus companies.

Free IT resource

Open Source Business Conference (OSBC) May 22-23, 2007

Sponsored by Dell

The new virus, known as Sobig.C, was first detected on Saturday and is a variant of the original Sobig virus, which appeared in January 2003, according to a statement by Helsinki, Finland, security company F-Secure.

Like the original Sobig virus, Sobig.C is a mass-mailing worm that spreads copies of itself through e-mail messages with attached files that contain the virus code.

Sobig.C arrives in e-mail messages that use a variety of subject lines such as "Re: Screensaver," "Re: Movie" and "Re: Your Application." The names of the attachment containing the virus also vary and include "screensaver.scr," "approved.pif" and "movie.pif," F-Secure said.

Once opened, the attachment copies the virus to the Windows folder on the infected machine and alters the machine's Microsoft Windows registry to make sure that the virus is started along with the operating system.

The worm scans infected machines for e-mail addresses stored in a variety of files including the Windows address book and on saved Web pages. Sobig.C saves the addresses it finds in a separate file, then targets those addresses with e-mail messages containing the virus.

Like its predecessor, Sobig.C is also capable of detecting and copying itself to vulnerable shared folders on a local area network, according to an alert by antivirus company Sophos.

However, unlike the earlier worm, Sobig.C is capable of faking the sender's address as well, inserting e-mail addresses it finds on the host machine in the "From" line of messages containing the virus.

Messages containing the original Sobig worm used only one address on the From line: "big@boss.com," according to an alert posted on the Web site of McAfee Security, a business unit of Network Associates Inc.

That means messages containing the Sobig.C virus might appear to come from people the targeted user knows. In addition, receiving an infected e-mail from an address doesn't automatically mean that the sender's machine has been infected, F-Secure said.

Among the e-mail addresses spoofed by Sobig.C is "bill@microsoft.com," the address for Microsoft chairman and chief software architect Bill Gates.

The new virus is just the latest Sobig variant to spread, in part, by using the name of the Redmond, Wash., company.

In May, another variant, Sobig.B, also known as "Palyh," infected machines worldwide by disguising itself as a message from Microsoft's support organization.

Most antivirus companies provided updated virus definitions to detect Sobig.C on Sunday and encouraged their customers to update their antivirus software as soon as possible.

Instructions for detecting the new virus were also posted on leading antivirus sites, as were tools for removing Sobig.C from infected machines.

E-mail

Printer Friendly

Reprints

Slashdot It!

TOP NEWS:

» Antitrust review of Google-Yahoo deal no surprise
While serious antitrust problems are unlikely, both Google and Yahoo expected their partnership to be subjected to instense DOJ scrutiny

» Top 10: Coreflood, more Microsoft-Yahoo, iPhone plans
This week's wrapup of the top tech news stories includes more Microsoft-Yahoo rumors, iPhone updates, Flash searches, Oracle's BEA roadmap, and more

» Four 'important' Microsoft patches due Tuesday
Not rated "critical," fixes apply to "Elevation of Privileges" and "spoofing" bugs for Windows, Exchange, and SQL

» Judge grants RIM a stay in Visto patent trial
Trial delayed from beginning next week while patent office studies validity of certain parts of e-mail provider Visto's patents as requested by RIM

» Developers satisfied with Apple's enterprise work
Mac developers feel that Apple shouldn't try to make a broad attempt to win over enterprises and should instead focus on certain areas within the enterprise

» Opera patches multiple bugs in flagship browser
Opera 9.5.1 fixes several flaws, including one ranked 'highly critical'

Solutions to the Toughest IT Challenges in Remote Offices
Though small in size, remote offices face many of the same IT challenges as larger central offices. This Webcast zeroes in on the top line challenges to deliver information that can provide immediate benefits to your business. Sponsor: AMD and Dell

» Click here to view this Webcast

Zombie PCs Are Attacking Your LAN
A recent study showed that malware-infected zombie PCs are now a bigger threat to ISPs and Web infrastructure than DoS attacks. As this brand new IT Strategy Guide explains, an increased use of peer-to-peer techniques by the attackers has made it harder to fight back. Download now, compliments of Verio:

» Click here to download now

- Special Advertising Partners -

WHITE PAPERS

Going mobile with today's technology - Mobile applications are transforming how companies operate. With new ways to work flexibly, employees are becoming more ...
Measuring mobile productivity - Companies must be able to measure productivity gains from mobile working. Productivity is notoriously difficult to measure...
Thinking about IMS - IMS's increased flexibility and the potential it offers for new services will create a fundamental shift in the way that...
Agile Development: 5 Steps to Continuous Integration - As more and more organizations adopt agile development, the need for continuous integration of a build can be a daunting...
Leading Analysts: Pen Testing is a Requirement - In a newly-published case study, Gartner's John Pescatore, one of the most respected analysts covering the IT security market...
Get more from your Electronic Software Delivery investment - Electronic software delivery (ESD) offers software vendors the potential for significant business benefits. By enabling ...

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Find out when the latest white paper is available:

INFOWORLD MARKETPLACE

Deliver REMOTE SUPPORT Easily. Try WebEx FREE! - DOWNLOAD WEBEX SUPPORT CENTER FREE! Deliver efficient, effective support. CRUSH SUPPORT LOG JAMS!
Migrating to an IP-VPN? XO Can Make It Happen - Learn the five critical success factors with a free whitepaper from XO Enterprise Solutions.
Sign up to TRY WEBEX SUPPORT CENTER FOR FREE! - Get your FULL FEATURED trial here. Share documents and applications, address support challenges.
IP Networks Boost Secure Health Communications - AT&T provides secure communication to keep health care moving forward.
Why a CMDB? - IT best practices (ITIL) have shown the benefits of a CMDB. Click for whitepapers.

» BUY A LINK NOW

FIND PRODUCTS AND COMPANIES

» COMPLETE PRODUCT GUIDE

TECHNOLOGY INDEX

• Applications
• Application Development
• Security
• Networking
• Wireless
• Platforms
• Hardware
• Data Management
• Storage
• Web Services
• Business
• Telecom
• Professional Services
• Standards

TECH WATCH

What's the 411 on GOOG-411?
Just as Google has become synonymous with "performing a Web search," 411 is understood to mean "information" -- as in "what's the 411?" I was thus surprised to discover, from a billboard, no less, that the king of search is taking on the ...

Apple HTML source reveals 'iPhone Extreme'
"This one's a stretch..." reports AppleInsider. Um, yeah. Reporting on HTML code sightings of product names could be called a stretch, but iPhone Extreme has a ring to it. Now, that sounds like the product Apple should have released first, rather ...

COLUMNISTS

Unified under law

(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...

» MORE COLUMNISTS

MORE INFOWORLD BLOGS

Open Sources

Product Management
When I joined MySQL four years ago, there was quite a lot of debate about product management. We didn't actually have ...

Zero Day

Botnet herders tending smaller flocks
New research backs up the theory that botnet operators are keeping their networks smaller in a continued effort to keep ...

• Advice Line
• Database Underground
• The Deep End
• Enterprise Mac
• Geeks in Paradise
• Grid Meter
• The Gripe Line
• InfoWorld Daily
• Inside IT
• IT Troubleshooter
• ITXtreme
• Open Sources
• ProdBlog
• Real World SOA
• Reality Check
• Security Adviser
• SMB IT
• The Storage Network
• Tech Watch
• Virtualization Report
• Zero Day

RESOURCE CENTER	advertisement
Ads by techwords beta See your link here

GOVERNMENT IT & POLICY
•	'If you don't go after the network, you're never going to stop these guys. Never.'
•	From the State Department, All the News for Inquiring Minds
•	TechPresident, the Internet Citizenry's New Consensus Taker

Sponsored Technology Links
Symantec - Whitepaper: Secure, recover, and archive critical information Microsoft - {Open Source} Heroes Happen Here Symantec - Whitepaper: Protecting Microsoft(R) Applications Riverbed - Five Ugly Truths about WAFS and Caching InterSystems - Use Ensemble - quickly create composite applications. AT&T - Factors to consider when comparing DSL or Cable Cirba - Advanced Workload Analysis Techniques CA - Manage your IT more effectively. Efficient - Flexible - Compliant HP/Intel - If you don't have enough I/O, your VMs aren't going to go. Rackspace - Go Green Without Sacrificing Server Performance AT&T - Measuring mobile productivity AT&T - Thinking about IMS CA - Plan IT better, Manage IT better. AT&T - Refine your company's plan for a Business Disruption Event AT&T - Going mobile with today's technology Cirba - Consolidating Workloads onto Mainframes AT&T - What to expect from a Technology Assessment. AT&T - Class of Service: Myths and Misconceptions AT&T - Enhancing security through Quantum Cryptography		Riverbed - Wide Area Data Services Microsoft - Microsoft Forefront makes defending your systems easier. Learn how. HP - Explore the interactive whitepaper: Rightsizing Blades for the mid-market. Symantec - Webcast: Beyond AntiVirus AMD - Renowned Engineering Institution Chooses AMD Processor-Based Servers AMD - Watch this flash demo of the Quad-Core AMD Opteron Processor EMC - EMC and VMware help you build your virtualized infrastructure. AMD - HP and Oracle deploy unbreakable computing infrastructure Qwest - Learn how Qwest voice and data solutions can save you time. MKS - The Power of UNIX/Linux on Windows with MKS Toolkit Vision Solutions - Is your smaller organization ready for High Availability? Vision Solutions - Is system maintenance doing more harm than good? HP - NEW HP LaserJet P4014n printer Starting at $699 after $100 IS. HP - HP LaserJet M3035 MFP series Starting at $1,599. SHOP NOW HP - Speed, agility, flexibility - The HP BladeSystem c-Class. Vkernel - Resolve Capacity Bottlenecks and Enhance Your Virtual Environment Nokia - Restore Your Mobile Devices With One Click Oracle - The Power of Two with SOA and BPM

	HOME NEWS BLOGS PODCASTS VIDEOS TECHNOLOGIES TEST CENTER EVENTS CAREERS	About \| Advertise \| Awards \| RSS \| Contact Us
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. CIO :: ComputerWorld :: CSO :: Demo :: GamePro :: Games.net :: IDG Connect :: IDG World Expo Industry Standard :: IT World :: JavaWorld :: LinuxWorld :: MacUser :: Macworld :: Network World :: PC World :: Playlist