Fw: Old Virus Has a New Trick: Mailing Itself in Quantity

[Guest guest]

This is a virus warning. This virus is spreading fast. Thought I'd let everyone know to BE CAREFUL

August 20, 2003 Old Virus Has a New Trick: Mailing Itself in Quantity By JOHN SCHWARTZ f the e-mail message offers "details," "That movie" or "Wicked screensaver," don't open the attachment. (And why are you still opening unsolicited attachments, anyway? Don't you ever learn?) One of the most common rogue computer programs on the Internet made a virulent reappearance yesterday. The virus, known by security companies as SoBig.F, spread rapidly by e-mail messages across computer networks. MessageLabs, an e-mail security company that described the virus in an alert yesterday, said it was "spreading very vigorously." Other virus experts were more blunt. "It's shooting off like a rocket," said Ken Dunham, malicious code intelligence manager for iDefense Inc. in Reston, Va. The flood of e-mail does not necessarily mean that especially large numbers of machines are infected, he said. This bug is simply more efficient than previous programs at sending itself around. The mail program that the virus uses is "multithreaded," which allows it to send out many copies at once. But the creator of the program appears to have gone a step further, Mr. Dunham said, using computers that were taken over by previous versions of the SoBig virus to mass-mail copies of the program, as spammers do. Like many other mass-mailing viruses, SoBig comes with its own mail program that trolls through the victim's address book, stored Web pages and other files, picking up e-mail addresses. It then sends itself to every address it finds, and often disguises the sender's true identity by substituting an address from the victim's machine. Once the program has infected a machine, it will download a Trojan horse program that could allow an attacker to take over the target PC. The new SoBig comes during a busy time in the malicious software world. Computer users have had to deal with onslaughts from several new programs lately, including the Blaster worm and another called Nachi or Welchia, which has been marauding through corporate computer networks. Like most rogue programs, this latest virus affects computers running versions of Microsoft operating systems. With SoBig, many computer users whose machines become infected often bring the problem upon themselves by trying to open the attachment that comes with the e-mail message. It might be called "your details," "thankyou" or other names, but almost always ends in the file extension ".pif" or ".scr." Infection can be prevented by deleting suspect e-mail messages without clicking on the attachments, virus experts said yesterday, but "once somebody lets that one part in, it will quite happily propagate itself" throughout a network, said Weafer, senior director of Symantec Security Response. The program is blocked by recent versions of most antivirus programs. Like other variants of SoBig, the program was written to stop spreading on a certain date, in this case Sept. 10. Computer virus experts suggest that the program's creator is releasing each version for a limited time in a process of testing, tinkering and improvement. Copyright 2003 The New York Times Company | Home | Privacy Policy | Search | Corrections | Help | Back to Top