posted on August 19, 2003 09:53:08 AM new
New computer virus hits inboxes
August is turning out to be a bumper month for Windows computer viruses.
Hot on the heels of the MSBlast and the Welchi worms has come a fast-spreading variant of the Sobig virus.
The first version of Sobig appeared in June of this year but the newest F variant seems to be the most successful so far.
Anti-virus firm MessageLabs said it had stopped some 40,000 copies of the virus in the last 20 hours and the BBC has received dozens of infected e-mails.
Like the earlier versions Sobig F spreads by e-mail and by exploiting unsecured network links between Windows PCs.
When it spreads via e-mail, the virus fakes an e-mail address to hide its origins and regularly changes its form and the subject lines of messages it creates to make it harder to spot.
When it infects machines, it harvests e-mail addresses from Outlook address books and net page memory stores.
The suffix of the attachment bearing the virus also changes regularly but most often the malicious program masquerades as a screensaver (.scr) or a Windows program information file (.pif).
The filename of the attached file also changes regularly.
"The author of the Sobig worms has pulled this particular confidence trick several times before," said Graham Cluley, senior technology consultant at anti-virus firm Sophos.
"Releasing Sobig variants on different days of the week, and using slightly different subject lines and filenames, suggests that the worm's author may be trying to find the 'perfect' conditions under which his viruses can spread most quickly," he said.
Fast spreading
Sobig F has now been seen in 60 countries and currently seems to be most prevalent in the US. MessageLabs said Sobig F was "spreading vigorously".
Anti-virus firms urged users to update security software to block the latest variant.
E-mail users are being warned to be wary of messages bearing subject lines such as: Re: details, Re: approved, Re: Thank You, Re: That movie, Re; Wicked Screensaver or Your Details.
"All computer users should exercise caution when deciding what is safe to run on their computers," said Mr Cluley.
The Sobig F virus has a built-in timer that will stop it working on 10 September 2003.
~~~ • ~~~ • ~~~ • ~~~ • ~~~
If it's really Common Sense, why do so few people actually have it?
[ edited by Fenix03 on Aug 19, 2003 10:08 AM ]
posted on August 19, 2003 10:06:47 AM new
I'm getting hit hard with these today. (About 30 so far). I have not opened any attachments, but did click on one that said "Please see attached file". I then deleted it. Is it possible to get this virus just by opening the email without opening any attachments? Or do you have to open an attachment to get infected?
posted on August 19, 2003 11:32:51 AM new
sheesh! I am being hit heavily with these also, and it's a real pain because I had auctions close last night!
I have NIS which is catching them all, but what an inconvenience!
"Be kind. Remember everyone you meet is fighting a hard battle." - Harry Thompson
"I have neither the time nor the inclination to explain myself to a man who rises and sleeps under the blanket of the very freedom I provide and then questions the manner in which I provide it." - A Few Good Men
posted on August 19, 2003 11:45:47 AM new
We have been on line since 1991 – and it didn’t take long to learn that opening attachments is the worst thing one can do.
We have our e-mail Outlook Express, to automatically send all e-mails with attachments to the delete file.
If some wants to show us a picture, they can just as easily imbed it in their standard e-mail – I’ve never found attachments necessary.
We have been active on eBay since 1996, and have 4 separate commercial web sites, and we have never had a business problem occur because we don't open/accept attachments.
Set your computer to delete all such, and it will...........PLUS our Norton Anti-Virus stops all other questionable mail.
May sound rather hard nosed, but it prevents problems.
posted on August 19, 2003 11:59:15 AM new
I use OE also; however, each time a new email comes in with a potential virus-related attachment, I still get the lovely yellow screen from NIS and have to click on the "finished" key to make it disappear - and on and on and on with each infected email. It doesn't matter where the emails going - if NIS detects a questionable email, voila! the yellow "GOT IT!" screen...
"Be kind. Remember everyone you meet is fighting a hard battle." - Harry Thompson
"I have neither the time nor the inclination to explain myself to a man who rises and sleeps under the blanket of the very freedom I provide and then questions the manner in which I provide it." - A Few Good Men
posted on August 19, 2003 01:09:26 PM new
I just emailed everyone in my address book to let them know if they send an attachment, I won't be opening it. Because I use Outlook, forwarded emails come as attachments. I never open an attachment from someone I don't know, but now I fear even those from people I do know. Many of the people in my address book are not computer savvy and would have no clue what to do with a virus. To most of them you take two aspirins and drink plenty of fluids.
Cheryl
Power to the people. Power to the people, right on. - John Lennon
posted on August 19, 2003 05:13:15 PM new
I got five "bounced" e-mails that I never sent. They were to people I don't know and were returned because SoBig was attached. My machine is clean because I use Norton's fanatically. But my e-mail address is now compromised. BTW, I never use OE only Netscape.
[ edited by jensmome on Aug 19, 2003 05:13 PM ]
posted on August 20, 2003 04:13:50 AM new
question: if you use "web-based" email programs (specifically AOL) are you less likely to get infected because you have to actually download the attachment?
posted on August 20, 2003 04:25:57 AM new
It doesn't matter which email program you use. You have to open the attachment to get the virus. My suggestion is to do as I did. Email those in your address book and tell them you are not accepting mail with attachments any longer. Outlook has a default setting for that. Many people with AOL have received these emails.
Cheryl
Power to the people. Power to the people, right on. - John Lennon
posted on August 20, 2003 04:40:45 AM new
OK - I haven't used Outlook for years, but I thought I remembered that you could see the attachments without actually downloading them...maybe they changed that. (makes sense that they would)
posted on August 20, 2003 08:52:34 AM new
1. Don't use Outlook.
2. If you must use Outlook:
Best advice here--- "We have our e-mail Outlook Express, to automatically send all e-mails with attachments to the delete file"
3. Those of you in the thick of the attack - Go to the Web mailbox of your ISP (assuming they Provide webmail) before opening your mail in Outlook and delete all the offending emails. This takes less time that dealing with each individual attack through Norton.
4. I am loving the quiet here on Mailblocks and My ISP webmail. At present I am not even using an email program on my computer, have recieved no attachment emails.
posted on August 20, 2003 10:42:38 AM new
My friend just got her computer back from Gateway yesterday AM. I* hooked it up & went into Noerton Live update & bingo she had the virus!! Hadn't even looked at any emails. So you don't have open an email to get it. Last noight I couldn't get on line with Verizon DSL, but I don't have a virus alert. Maybe it doesn't affect W2000. r maybe its my firewall.
- Harry Thompson