Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences

  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.
Sign in / up

Security

This article is more than 1 year old

Email worm joins Blaster attack on Windows

Shot by both sides

icon John Leyden
Tue 19 Aug 2003 // 16:36 UTC

A new variant of the Sobig worm is spreading rapidly across the Internet this afternoon.

Sobig-F, like its predecessors, can spread via either email or (less commonly) network shares.

Infectious emails come with a variety of subject lines (eg. 'Your details', 'Re: Approved', 'Re: Your application', 'Re: Wicked screensaver', 'Re: That movie', 'Thank you!', etc.) and an infectious .pif or .scr attachment. Launching the infected attachment infects a computer, natch

Sobig-F scans infected PCs for email addresses prior to blasting out copies of itself using its own SMTP client using spoofed email addresses filleted from the compromised PC.

Advisories by F-Secure and Sophos provide more information.

The worm is spreading rapidly. Managed services firm MessageLabs had blocked Sobig-F 36,227 times since spotting it yesterday.

We're getting sick of saying this, but Sobig-F is a Windows-only menace. Mac, Linux, OS/2 and Unix users are immune.

For Windows users it's the now familiar routine of updating viral software, blocking executables at the gateway and crossing their fingers that the current viral plague will subside.

A substantial number of firms are beginning to question whether this approach is appropriate given the current onslaught of malicious code.

Firms like MessageLabs and Avecho.com argue that the only sensible place to block malicious code is before it reaches users whilst a new generation of behaviour blocking firms are coming forward with technology to lock down Windows PCs. ®

Related Stories

Blaster worm spreading rapidly
Blaster rewrites Windows worm rules
Windows Update still standing despite Blaster
Blaster variant offers 'fix' for pox-ridden PCs
Post Blaster, MS floats default auto updates for Windows
Today's latest mass mailing worm (Sobig-A)
Why spammers lurve the 'Microsoft support' worm
VX writers release sequel to infamous Sobig worm

More about

TIP US OFF

Send us news

Other stories you might like