
Old Virus, New Tricks

Sobig virus returns to make PCs into spam machines

Vidya Srinivasa Rao | August 21, 2003 14:18 IST

Someone has found a way to teach an old virus new tricks. If you get an email with 'Re: Details', 'Re: Approved', 'Re: My Details', 'Re: Wicked screensaver' or 'Re: That movie' in the subject line, you have just received the latest virus doing the rounds. Sobig.f is a variant of an old menace.

Though most antivirus programs take care of it, this time round Sobig is proving to be a master of disguise. It keeps changing its size and name to hoodwink antivirus measures, and some copies do manage to sneak through.

Rediff Guide to the Net gives you the lowdown...

A common computer virus, Sobig, made its reappearance on August 19. The latest variant, named W32/Sobig.F-mm, spreads rapidly through email messages. Like the recent MSBlast and Nachi worms, Sobig affects computers running Microsoft operating systems.

It carries its infection in attachments that arrive by email. They might be called 'your details', 'thankyou' or other names, but almost always end in the file extension '.pif' or '.scr'.

According to Symantec, the antivirus company, the attachment names may include: your_document.pif, details.pif, your_details.pif, thank_you.pif, movie0045.pif, document_Fall.pif, application.pif, and document_9446.pif.

How does it spread?
Once the program has infected a machine, it will download a 'Trojan horse' program that turns the victim's PC into a sender of spam mail.

The Sobig virus comes with its own mail program that scans through the victim's address book, stored Web pages and text files, picking up email addresses. It then mails itself to every address it finds, often disguising the sender's true identity by substituting an address from the victim's machine.

The virus also tries to spread on local networks when files are shared. However, its success in such instances is limited.

Prevention and Removal
Deleting suspected email messages without opening the attachments prevents the infection. If you have to share files across networks, make sure you password-protect them. Sobig looks for shared resources to make copies of itself.

Most antivirus firms have updated their antivirus programs to block this program. Make sure you have the latest virus updates. Symantec Security Response has developed a removal tool to clean the infections.

If nothing works, wait till September 10. Come what may, the virus is designed to stop spreading then.

















Read what others have to say:


Number of User Comments: 34




Sub: Thanks

The MSBLAST virus was a horrible one...as a system administrator I got at least 10 calls from my clients infected with the MSBLAST virus...thanks to Symantec ...


Posted by Kiran





Sub: sobig virus

Thank you very much, Rediff, for the warning. Today morning when I tried my Rediff id, I got a message that inbox is full. How ...


Posted by Abdul Riyas K





Sub: Thanks for the Information

Lot many thanks for the vital information.


Posted by Mahendra





Sub: Sobig Virus

Dear Rediff, Thanks a ton for the Symantec Norton update, well my PC at my workplace was sure affected as it sent mails (2 in fact) with ...


Posted by Vijay Krishnan





Sub: Thanks

Thanks, Rediff, for making us alert. Once again, thank you.


Posted by Chandradeo Singh











Copyright © 2003 rediff.com India Limited. All Rights Reserved.