Press Releases

20 Aug 2003

Don't let an auto-responder fool you during Sobig worm outbreak

The Sobig-F worm can forge senders' email addresses

Sophos has received reports from customers concerned about auto-responders that are wrongly accusing them of sending an email infected with the W32/Sobig-F worm.

'Sender forging' or 'spoofing' is when the email address of an infected computer is replaced with another address, often randomly plucked off the infected computer by the virus. Sender forging is normally done just before the virus sends itself out to more potential victims. Because the address in the 'Sender' field has been changed, no one knows who sent the email or where it came from.

Some gateway applications that scan email attachments for viral content send an automatic email reply when a virus is found. If the 'Sender' name has been forged, the auto-reply can be received by an innocent party, causing undue confusion and stress. A false accusation may even harm your company's relationship with clients.

"Sobig-F is not the first virus to forge email addresses," said Carole Theriault, technology consultant at Sophos Anti-Virus. "Other notorious viruses such as Bugbear, Fizzer, Mimail and Klez have also used spoofing. The confusion generated has often allowed viruses to spread faster and wider."

Sophos recommends that users do not respond to emails from auto-responders accusing them of being infected and spreading the Sobig-F worm. However, they should consider double-checking their computers for the latest viruses just in case they are genuinely infected.

It is also advisable to run email gateway scanners such as Sophos MailMonitor to block viruses from being sent into or out from a network - however, as seen above, Sophos advises that setting up an auto-respond mechanism is fraught with problems.

Further reading: Read instructions on how to remove the W32/Sobig-F worm and ensure your system is not vulnerable to reinfection.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.