August 19, 2003 8:47 AM PDT

World squirms as Sobig returns

The Sobig e-mail virus that caused havoc two months ago has reappeared in a virulent new form, according to e-mail service provider MessageLabs.

The company has given the virus a high-level alert status because of its rapid spread.

The new worm, code-named W32/Sobig.F-mm, appeared Monday, according to the company. All copies came from the United States. So far, the worm has been active in the United States, Denmark and Norway. Anecdotal evidence suggests that it has also spread to Asia-Pacific.

MessageLabs on Tuesday reported that 21 percent of cases were in the United Kingdom. The Sophos Web site indicated that the antivirus company had received "many reports of this worm from the wild."

"Initial analysis would suggest that Sobig.F is a mass-e-mailing virus that is spreading very vigorously. Sobig.F appears to be polymorphic in nature. The address is also spoofed and may not indicate the true identity of the sender," a MessageLabs statement said.

The sender appears to be someone from a recognized domain name, such as ibm.com, zdnet.com or microsoft.com. The subject line typically says "Re: Details," "Resume" or "Thank you."

Attachment names may include: your_document.pif, details.pif, your_details.pif, thank_you.pif, movie0045.pif, document_Fall.pif, application.pif, and document_9446.pif.

The virus grabs e-mail addresses from several different locations on a computer, including the Windows address book and Internet cache, and sends e-mails to each one. The virus also forges the source of the message using a randomly selected e-mail address so that the infected message appears to come from someone else.

Sobig.E is more efficient than previous versions of the virus in sending e-mail addresses, according to MessageLabs' analysis, because the e-mail engine that it uses to send e-mail is "multithreaded." While earlier versions of the virus had to wait for a task, or thread, to be completed, Sobig.E can send multiple e-mails concurrently, making it a much more efficient spam engine.

In an attempt to bypass local antivirus security, the worm appends rubbish to the end of the file so that the file size varies with each generation, though it averages about 74KB, according to MessageLabs.
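The subject lines and attachment names reported above can be turned into a simple mail-gateway check. The following is an added example, not code from MessageLabs or from the original article; the function names, the quarantine policy and the sample messages are constructed for illustration. It matches on attachment name and extension rather than on a file hash or size, because the article notes that the file changes with each generation.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators reported in the article (compared case-insensitively).
SUBJECTS = {"re: details", "resume", "thank you"}
ATTACHMENT_NAMES = {
    "your_document.pif", "details.pif", "your_details.pif", "thank_you.pif",
    "movie0045.pif", "document_fall.pif", "application.pif", "document_9446.pif",
}

def sobig_f_findings(raw_bytes):
    """Return the reasons a raw message matches the reported Sobig.F traits."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    subject = (msg["Subject"] or "").strip().lower()
    if subject in SUBJECTS:
        findings.append("subject:" + subject)
    for part in msg.walk():  # visits every MIME part, including nested ones
        name = (part.get_filename() or "").strip().lower()
        if not name:
            continue
        if name in ATTACHMENT_NAMES:
            findings.append("known-name:" + name)
        elif name.endswith(".pif"):
            findings.append("pif-extension:" + name)
    return findings

def should_quarantine(raw_bytes):
    # Assumed policy: any .pif attachment is enough to quarantine. A subject
    # match alone is not, since "Resume" or "Thank you" are common in real mail.
    # The From header is ignored because the article says it is spoofed.
    return any(not f.startswith("subject:") for f in sobig_f_findings(raw_bytes))

def build_sample(subject, filename=None):
    """Build a constructed test message; the payload is 16 zero bytes."""
    m = EmailMessage()
    m["From"] = "someone@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = subject
    m.set_content("See the attached file for details")
    if filename:
        m.add_attachment(b"\x00" * 16, maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(sobig_f_findings(build_sample("Re: Details", "details.pif")))
```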

CNETAsia staff reported from Singapore. CNET News.com's Robert Lemos contributed to this report.
