New computer virus hits inboxes
Date 20-Aug-2003 8:08:56
|August is turning out to be a bumper month for Windows computer viruses.|
Hot on the heels of the MSBlast and the Welchi worms has come a fast-spreading variant of the Sobig virus.
The first version of Sobig appeared in June of this year but the newest F variant seems to be the most successful so far.
Anti-virus firm MessageLabs said it had stopped some 40,000 copies of the virus in the last 20 hours and the BBC has received dozens of infected e-mails.
Like the earlier versions Sobig F spreads by e-mail and by exploiting unsecured network links between Windows PCs.
When it spreads via e-mail, the virus fakes an e-mail address to hide its origins and regularly changes its form and the subject lines of messages it creates to make it harder to spot.
When it infects machines, it harvests e-mail addresses from Outlook address books and net page memory stores.
The suffix of the attachment bearing the virus also changes regularly but most often the malicious program masquerades as a screensaver (.scr) or a Windows program information file (.pif).
The filename of the attached file also changes regularly.
"The author of the Sobig worms has pulled this particular confidence trick several times before," said Graham Cluley, senior technology consultant at anti-virus firm Sophos.
"Releasing Sobig variants on different days of the week, and using slightly different subject lines and filenames, suggests that the worm's author may be trying to find the 'perfect' conditions under which his viruses can spread most quickly," he said.
Sobig F has now been seen in 60 countries and currently seems to be most prevalent in the US. MessageLabs said Sobig F was "spreading vigorously".
Anti-virus firms urged users to update security software to block the latest variant.
E-mail users are being warned to be wary of messages bearing subject lines such as: Re: details, Re: approved, Re: Thank You, Re: That movie, Re; Wicked Screensaver or Your Details.
"All computer users should exercise caution when deciding what is safe to run on their computers," said Mr Cluley.
The Sobig F virus has a built-in timer that will stop it working on 10 September 2003.