New 'Sobig' virus could strike any day

Spinner Birmingham, UK
edited August 2003 in Science & Tech
Security experts have warned that a new version of the Sobig.F email virus could arrive any day.

The original virus plagued computers worldwide and this new revision is predicted to hit the NET even before the original one expires on September 10th.

"Another virus could be released any time," said Steve Trilling, research director with the Security Response Team at Symantec Corp., a U.S.-based security company. "We can never be complacent when one threat seems to die down."

Mikko Hypponen, manager of anti-virus research at Finland-based F-Secure Corp, said one of the five prior versions of Sobig surfaced before the previous version expired. Sobig.E began circulating June 25, one week before Sobig.D was set to expire, he said.

The first version of Sobig arrived in January and had no expiration date. It was followed about four months later by Sobig.B. More sophisticated versions followed one week to three weeks after each preceding version, according to Hypponen.

The latest version, Sobig.F, first emerged a week ago and spread to hundreds of thousands of Windows-based computers, Hypponen said. Some 200 million e-mails have been sent over the Internet by infected computers, he estimated.

Sobig.F spreads when unsuspecting computer users open file attachments in e-mails with headings like "Thank You!," and "Re: Details." Once the file is opened, Sobig.F resends itself to e-mail addresses from the infected computer, using random names as the sender.

Sobig.F was programmed to send infected e-mails to one of 20 master computers to receive more instructions on Friday and Sunday, but both attacks failed when the 20 computers were taken off line by computer security specialists.

Infections have declined since last week, falling to a little under 100,000 affected computers by Monday, according to Tokyo-based anti-virus software maker Trend Micro Inc.

Authorities said Sobig.F was initially released on several Usenet news groups, which are Internet forums where people with similar interests can post messages and share photos.

Sobig.F was posted to news groups with names like alt.binaries.pictures.erotica and a few other adult-oriented news groups by someone using a stolen credit card, said Mike Minor, chief technology officer of Easynews.com.

Source - CNN

Comments

  • t1rhino Toronto
    edited August 2003
    I just received it, or maybe it was a different virus.
    It disguised itself as a returned email from an AOL admin mailbox with an infected attachment disguised as the original message.

    Of course, I don't know anyone with an AOL account and did not send anyone at AOL an email, so I knew it must be a virus.
    I will check the Norton log, to see if it says anything.
  • QCH Ancient Guru Chicago Area - USA Icrontian
    edited August 2003
    Seems like the virus (version f) is almost at the end of its life cycle. I bet that a new version (g) will come out the day after the current version "expires". That's me.... what do I know about viruses... only that they make my job "very lively" trying to kill them.

    edit: OK... just read the fine print above... Not much added by my post.