• silicon.com
• Technology
• Security

By Will Sturgeon, 2 June 2003 14:16

NEWS The trend for spoofing Microsoft addresses to deliver viruses shows no sign of abating, with Sobig making an unwelcome return in an email which appears to be from Bill@Microsoft.com. Last month an email purporting to be from support@Microsoft.com arrived in users' inboxes, carrying the Palyh virus. The social engineering which goes into creating such viruses and encouraging users to open and activate them plays on the fact that users may be duped into double clicking - assuming Microsoft to be a trustworthy source. Sobig variants have appeared before, and the latest version, Sobig.C, is already causing problems for computer users, with the UK the hardest hit country so far. Anti-virus vendor MessageLabs has given the virus outbreak its highest level of warning. Paul Wood, chief information analyst at MessageLabs, said: “Sobig.C is the latest in a recent spate of mass mailers and is proof that the problem of virus outbreaks has not gone away – we have seen over 15 new viruses in the past month, and recently stopped five new variants in one day. “What this demonstrates is that too many users are still leaving it too late and allowing viruses through to their desktop – the only way to guarantee protection from email borne threats is proactively to scan for them at the internet level, before they reach the network boundary.” Sobig.C is a mass mailing worm which will attack a PC and then email itself to all email addresses on the infected machine. All emails intercepted so far carry the same body text in the email: "Please see the attached file." So far the UK is the hardest hit country in terms of propagation. MessageLabs has intercepted around 8,000 instances of the virus, all originating from within the UK, since Saturday. Canada and the US are also already contributing to the rapid spread of the virus, and this may increase dramatically when businesses and home users start logging onto their computers in the next few hours and start checking any emails which have arrived over the weekend.