Old Virus, New Tricks
Sobig virus returns to make PCs into spam machines
Vidya Srinivasa Rao
August 21, 2003 14:18 IST
Someone has found a way to teach an old virus new tricks. If you get an email with 'Re: Details', 'Re: Approved', 'Re: My Details', 'Re: Wicked screensaver' or 'Re: That movie' in the subject line, you have just received the latest virus doing the rounds. Sobig.f is a variant of an old menace.
Though most antivirus programs take care of it, this time round Sobig is proving to be a master of disguise. It keeps changing its size and name to hoodwink antivirus measures, and some copies do manage to sneak through.
Rediff Guide to the Net gives you the lowdown...
A common computer virus, Sobig, made its reappearance on August 19. The latest variant, named W32/Sobig.F -mm, spreads rapidly by email messages. Like the recent MSBlast and Nachi worms, Sobig affects computers running Microsoft operating systems.
It carries its infection in attachments that arrive by email. They might be called 'your details', 'thankyou' or other names, but almost always end in the file extension '.pif' or '.scr'.
According to Symantec, the antivirus company, the attachment names may include: your_document.pif, details.pif, your_details.pif, thank_you.pif, movie0045.pif, document_Fall.pif, application.pif, and document_9446.pif.
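The subject lines and attachment extensions listed above can be checked mechanically at a mail gateway or in a mailbox script. The following is an added example, not part of the original article or any vendor's tool; the function names `triage` and `build_sample` and the example.com addresses are hypothetical, and the sample messages are constructed. Because the virus keeps changing its attachment name, the check keys on the '.pif'/'.scr' extension rather than on the file names.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the article: subject lines and attachment extensions.
SOBIG_SUBJECTS = {"re: details", "re: approved", "re: my details",
                  "re: wicked screensaver", "re: that movie"}
RISKY_EXTENSIONS = (".pif", ".scr")

def attachment_names(msg):
    """Return every attachment filename found in any MIME part, lowercased."""
    names = []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            names.append(name.strip().lower())
    return names

def triage(raw_bytes):
    """Classify one raw message as 'quarantine', 'review' or 'pass'."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    # Only the final extension matters: 'holiday.jpg.scr' is still a .scr file.
    risky = [n for n in attachment_names(msg) if n.endswith(RISKY_EXTENSIONS)]
    if risky:
        return "quarantine"  # executable attachment, whatever the subject says
    if subject in SOBIG_SUBJECTS:
        return "review"      # known subject line but no risky attachment
    return "pass"

def build_sample(subject, filename=None):
    """Build a constructed test message (placeholder bytes, not a real sample)."""
    m = EmailMessage()
    m["From"] = "someone@example.com"   # constructed address
    m["To"] = "user@example.com"        # constructed address
    m["Subject"] = subject
    m.set_content("Please see the attached file for details.")
    if filename:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fname in [("Re: Details", "your_details.pif"),
                        ("Quarterly numbers", "Movie0045.PIF"),
                        ("Re: Approved", None),
                        ("Lunch on Friday", "menu.txt")]:
        print(f"{subj!r:22} {fname!r:20} -> {triage(build_sample(subj, fname))}")
```

The sender address is deliberately not used as a signal, since the virus substitutes addresses harvested from the victim's machine.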
How does it spread?
Once the program has infected a machine, it will download a 'Trojan horse' program that turns the victim's PC into a sender of spam mail.
The Sobig virus comes with its own mail program that scans through the victim's address book, stored Web pages and text files, picking up email addresses. It then mails itself to every address it finds, often disguising the sender's true identity by substituting an address from the victim's machine.
The virus also tries to spread on local networks when files are shared. However, its success in such instances is limited.
Prevention and Removal
Deleting suspect email messages without opening the attachments prevents infection. If you have to share files across networks, make sure you password-protect them, because Sobig looks for shared resources to make copies of itself.
Most antivirus firms have updated their antivirus programs to block this program. Make sure you have the latest virus updates. Symantec Security Response has developed a removal tool to clean the infections.
If nothing works, wait till September 10. Come what may, the virus is designed to stop spreading then.