Press Releases

Browse our press release archive

19 May 2003

Sobig-B worm to fall dormant on 31 May 2003

Emails infected with W32/Sobig-BThe W32/Sobig-B worm, which has been spreading via email and network shares since the early hours of this morning, has been programmed to fall dormant at the end of the month.

A close examination of the worm's code by Sophos virus researchers has discovered that the worm checks the date settings on infected computers. If the date is 31 May 2003 or later, the worm is configured to ignore the code that tells it to send itself to the email addresses found on the user's hard drive. It will also ignore the section of the code that tells it to search for attached network devices to infect.

"It's hard to deduce precisely why the virus author has done this - but it's not the first time we've seen a virus or worm have a built in 'self-destruct' routine," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "It's possible some virus writers include such code into their creations in the hope that if they are later caught by their authorities, it will show them in a better light."

Sophos, however, urges businesses not to wait for the virus to turn off its replication routines but take action now to avoid infection.

"Businesses can easily automate their anti-virus protection updates. This approach, combined with blocking executable code from entering the company at the email gateway, can dramatically reduce the chances of virus infection," continued Cluley.

The W32/Sobig-B worm distributes itself in the form of an email pretending to be from Microsoft.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.