Virus Alert

Virus Alert


W32.Sobig.f@mm Virus Alert

There is an email worm currently spreading which includes an attachment, which if opened on a machine running a Windows operating system, will harvest email addresses from that machine and send out copies of itself. The email typically has a subject line similar to Re: My Details, Re: Wicked Screensaver, Re: That movie or several other variants. The message attachment is a Program Information File which has the extension .pif. This worm is refered to as W32.Sobig.f@mm. The worm code is set to expire on September 10, at which point it will cease propagating.

This worm uses a technique called email spoofing, where it uses a random email from the mails it has harvested as the sender of the infected message. Thus the worm can appear to originate from addresses that have not been infected by the worm. Users should note that this form of email spoofing is trivial to perform, and as such they should not immediately suspect the spoofed address as having sent the worm. A analysis of the full email headers, which are typically hidden by most email clients, can usually reveal the source of the worm.

You can learn more about this virus at the following sites:


http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html


http://vil.nai.com/vil/content/v_100561.htm