Sophos has received reports of thousands of instances of the
Sobig-F worm
(W32/Sobig-F) which can spread via email. For the worm to spread
this fast, Sophos believes that the virus writer may have launched
it using spamming technology. When arriving via email the worm can
pose as an attached PIF or SCR file. Launching the attached file
infects the computer.
"We have seen such a large influx of reports so quickly, it
seems likely that the virus author gave his creation a kickstart
using techniques usually employed by spammers. The result is that
hundreds of thousands of copies of the Sobig-F worm are shunting
around the internet, and some companies are finding their email
systems are grinding to a halt," said Graham Cluley, senior
technology consultant, Sophos Anti-Virus. "Many users know to be
cautious about running unsolicited EXE files, but they should be
equally wary about running PIF files or screensavers. All computer
users should exercise caution when deciding what is safe to run on
their computers."
Subject lines used are taken from a list, including "Re: That
movie", "Re: Wicked screensaver", "Re: Approved" and "Your
details". Like other variants of Sobig, the worm is programmed to
stop working on a particular date; in this case, 10 September,
2003.
"Putting a 'dead-date' on his viruses suggests that the Sobig
author is effectively test-driving his creations to see which
tricks work best from the technical and psychological point of
view," continued Cluley. "Releasing Sobig variants on different
days of the week, and using slightly different subject lines and
filenames, suggests that the worm's author may be trying to find
the 'perfect' conditions under which his viruses can spread most
quickly."
Further reading: Read instructions on how to
remove the W32/Sobig-F worm and ensure your system is not
vulnerable to reinfection.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.