By Staff, 19 August 2003 16:38
The Sobig email virus which caused havoc two months ago has reappeared in a virulent new form, according to email service provider MessageLabs. The firm has given it a high-level alert status as it appears to be spreading very vigorously.

The new worm, codenamed W32/Sobig.F-mm, appeared on Monday, according to the firm. All copies came from the US. So far, the worm has been active in the US, Denmark and Norway. Anecdotal evidence suggests that it has also spread to the Asia-Pacific region.

A MessageLabs statement said: "Initial analysis would suggest that Sobig.F is a mass-emailing virus that is spreading very vigorously. Sobig.F appears to be polymorphic in nature. The address is also spoofed and may not indicate the true identity of the sender."

The subject line typically says "Re: Details", "Resume" or "Thank you" and the sender often appears to be a very recognisable domain - such as Microsoft.com.

Attachment names may include: your_document.pif, details.pif, your_details.pif, thank_you.pif, movie0045.pif, document_Fall.pif, application.pif, and document_9446.pif.

The virus grabs email addresses from several different locations on a computer, including the Windows address book and internet cache, and sends emails to each one - thus propagating itself around the world. The virus also forges the source of the message using a randomly selected e-mail address, so that the infected message appears to come from someone else.
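The indicators above can be turned into a mail-gateway check. The following is an added example, not code from MessageLabs or from the original article: it parses a raw message and matches the subject lines and attachment names listed in the article, ignoring the From header because the article says it is forged. The function names, the verdict labels, the policy of blocking any other .pif attachment and the sample messages are assumptions made for this illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators as listed in the article, lower-cased for case-insensitive matching.
SUBJECTS = {"re: details", "resume", "thank you"}
ATTACHMENTS = {
    "your_document.pif", "details.pif", "your_details.pif", "thank_you.pif",
    "movie0045.pif", "document_fall.pif", "application.pif", "document_9446.pif",
}

def score_message(raw: bytes) -> dict:
    """Report which of the article's Sobig.F indicators a raw message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    # Walk every MIME part so nested attachments are also inspected.
    names = [p.get_filename().strip().lower() for p in msg.walk() if p.get_filename()]
    listed = [n for n in names if n in ATTACHMENTS]
    # The article's list is not exhaustive ("may include"), so other .pif
    # files are flagged too. Blocking them is an assumed local policy.
    other_pif = [n for n in names if n.endswith(".pif") and n not in ATTACHMENTS]
    subject_match = subject in SUBJECTS
    if listed or other_pif:
        verdict = "block"
    elif subject_match:
        verdict = "review"   # subject alone is weak evidence
    else:
        verdict = "pass"
    # The From header is deliberately not scored: the sender is spoofed.
    return {"subject_match": subject_match, "listed_attachment": listed,
            "other_pif": other_pif, "verdict": verdict}

def build_sample(subject: str, sender: str, filename: str = "") -> bytes:
    """Build a constructed test message (placeholder body and attachment bytes)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", subject
    m.set_content("constructed sample body")
    if filename:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    # Constructed sample: forged well-known sender, listed subject and attachment.
    print(score_message(build_sample("Re: Details", "support@microsoft.com",
                                     "your_details.pif")))
```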

