Experts: New Sobig virus could strike any day

[schadeaux]

SAN FRANCISCO, California (Reuters) -- A new version of the Sobig.F e-mail virus that has plagued computers worldwide could arrive any day, even before the latest variant is timed to expire on September 10, security experts warned.

"Another virus could be released any time," said Steve Trilling, research director with the Security Response Team at Symantec Corp., a U.S.-based security company. "We can never be complacent when one threat seems to die down."

Mikko Hypponen, manager of anti-virus research at Finland-based F-Secure Corp, said one of the five prior versions of Sobig surfaced before the previous version expired. Sobig.E began circulating June 25, one week before Sobig.D was set to expire, he said.

The first version of Sobig arrived in January and had no expiration date. It was followed about four months later by Sobig.B. More sophisticated versions followed one week to three weeks after each preceding version, according to Hypponen.

The latest version, Sobig.F, first emerged a week ago and spread to hundreds of thousands of Windows-based computers, Hypponen said. Some 200 million e-mails have been sent over the Internet by infected computers, he estimated.

Sobig.F spreads when unsuspecting computer users open file attachments in e-mails with headings like "Thank You!," and "Re: Details." Once the file is opened, Sobig.F resends itself to e-mail addresses from the infected computer, using random names as the sender.

Sobig.F was programmed to send infected e-mails to one of 20 master computers to receive more instructions on Friday and Sunday, but both attacks failed when the 20 computers were taken off line by computer security specialists.

Infections have declined since last week, falling to a little under 100,000 affected computers by Monday, according to Tokyo-based anti-virus software maker Trend Micro Inc.

Authorities said Sobig.F was initially released on several Usenet news groups, which are Internet forums where people with similar interests can post messages and share photos.

Sobig.F was posted to news groups with names like alt.binaries.pictures.erotica and a few other adult-oriented news groups by someone using a stolen credit card, said Mike Minor, chief technology officer of Easynews.com.

CNN

[Saru]

I'm still getting upwards of 100 of these every day, although I didn't know it timed out on September 10th.

At least this particular bombardment of E-Mails should die down in a couple of weeks, providing another version doesn't surface before then.

[BuhiBuhi-Kun]

Hmmmm,

Kimm was raving about viruses...

[Saru]

I think this particular worm is far beyond anything Kimm would ever be able to create.

[TheOracle]

I wouldn't be so sure Saruman, after all he did make a stick wiggle inside of a jar

[Saru]

*lol* TO

[Althalus]

I seem to have been lucky so far then, I have not had one virus through my email in over... well since xmas.

[Halo_Jones]

I opened a bloody virus up last week, it was from a supposed AOL site..it said I had an unopened Love@AOL message and when I clicked on the link it took you to a web page which said... cannot find server... anyhow a few days later I went to log on and found my password had been rejected and when I rang AOL to find out why it was because 336 emails had been sent from my email address to all members with usernames starting with "A" I looked in my "SENT" email box and they all said "You have an unopened Love@AOL message from "my username" please follow the link to read. When I informed AOL they said "we're look in to it" but thats the last I'v heard from AOL about it!

I'v now changed my password ran a virus clean up program which found 4 infected files and set up a Firewall. What a total buggering bloody giant pain!

Anyone else had anything like this?....Oh and Althalus....if you got one of these links its NOT what you think!

[schadeaux]

it said I had an unopened Love@AOL message

Reminds me of an old country song...

"Looking for Love@AOL in all the wrong places..."

At least it's fixed now, Halo, and I hear they found the kid (yes, a 18 year old kid) who supposedly started the whole thing. I'll see if I can find a report.

Edited August 29, 2003 by schadeaux

[Althalus]

Right thanks, I'll keep an eye out for that subject heading.

[connecian]

I keep gettng the RE: Wicked Screen saver and RE: APplication

SaRuMaN: you said that this should die down in the next few weeks, so does that mean that it will stop sending itself to emails too? I have to go into my emails about 3 times a day to delete the virus that is sent.. If not does anyone know the best program to put on your computer to try to stop it?

[Saru]

Connecian,

Yes once the virus times out it should stop sending itself to people as well. Because of the nature of the virus though it's difficult to stop it from being sent to you, even if you have an anti-virus program installed to prevent being infected by it. The way I do it is to use a program called 'Mail Washer', that lets you view the contents of your inbox and remove unwanted e-mails without having to download them to your E-Mail client.

You can get it for free from :

Mail Washer

It's particularly useful when you get 100 of these infected E-Mails at 100k each and only a 56k modem to download them with.

[connecian]

SaRuMaN .... Thanks... You're the best