SECURITY

Security firms warn over new Sobig worm

03-06-2003

A new incarnation of the so-called Sobig virus began spreading rapidly over the weekend, prompting e-security firms to issue warnings.

The new version of the Sobig self-propagating e-mail worm, Sobig.C, was first detected on Saturday, 31 May, and over the weekend the malware began a rampage that saw it hit computers in nearly 100 countries, according to MessageLabs.

It appears that the worm does not carry a payload that is especially dangerous, except for its ability to copy and re-send itself to contacts in an infected computer's address book. Nonetheless, its rapid spread over the weekend has prompted the likes of MessageLabs, Symantec and F-Secure to up the threat level posed by the virus. MessageLabs describes the bug as "high risk" and Symantec gives it a medium-to-high ranking of 3 on its scale of 1 to 5. F-Secure, meanwhile, has given it a level 1 ranking, its most dangerous rating.

The bug, along with a slightly older incarnation, Sobig.B, seems to be a variant of the Sobig.A worm, which has been doing the rounds in cyberspace since early January. According to MessageLabs, Sobig.A is the seventh most prevalent virus of all time. Both the "B" version and the "C" version, if activated, will only function until a certain date: 31 May in the case of the former and 8 June for the latter.

"We can see a very interesting pattern here. Sobig.B, that spread alarmingly only two weeks ago, was programmed to die on 31 May -- the same day Sobig.C was found," said Mikael Albrecht, product manager of F-Secure. "Sobig.C is programmed to die on 8 June so time will tell if we can expect Sobig.D to make its first appearance after that."

It is thought that Sobig.C slipped under the radar of some antivirus software because of a small change in the bug's basic encryption technology. The latest version of the malware was packed with an altered version of UPX, a widely used packer for executable programs, and the change prevented some computers from detecting the worm in infected e-mails.

Interestingly, the bug, like its predecessors, attempts to fool users into believing they have received an attachment from Microsoft and, in some cases, from Bill Gates himself. Though the sender's address can change, some infected mails are from "bill@microsoft.com" and other versions purport to be from "support@microsoft.com."

"The messages sent by the worm might appear to come from known people completely unaware of and not necessarily infected by the worm," explains Albrecht. "This means that receiving the worm from a given address doesn't imply that the sender corresponding to the address is infected," he added.

The major antivirus firms have issued updates for the latest variants of the bug, and most are providing removal tools for infected PCs.
