Monday,
June 30, 2003 |
|
Feature |
|
Unzip and get SoBig
virus
A
new variant of a computer virus spreading around the Internet on
Thursday spoofs the e-mail address of the sender, making it difficult to
determine the source of infection, anti-virus experts said. Computer
security companies were rating the virus, dubbed .e," as a medium
risk for both corporate and consumer users. Although the worm, which is
a self-propagating virus, does not do much harm to infected machines,
the fact that it masquerades as legitimate e-mail from known e-mail
accounts randomly picked from infected computers makes it hard to
detect, anti-virus experts said. The worm, which can affect any kind of
e-mail program, infects an individual computer when users open an
attachment in the form of a .ZIP-type compression file, says Craig
Schmugar, virus research engineer at Network Associates Inc. The
malicious program then mails itself to recipients extracted from the
victim’s e-mail address book and can also spread over shared networks,
experts said. Similar to earlier Sobig viruses, this version grabs
e-mail addresses on infected computers and randomly picks names to send
itself to other names that it displays as the sender.
"Spoofing (the
sender address) can make the viruses last a little longer because in a
non-spoofing e-mail
you can hit "reply" to that message" and alert the sender
that they are infected, Schmugar said. Subject
lines include "Re: Application," "Re: Movie," or any
of 16 other simple phrases, according to Symantec Corp. Symantec
received nearly 1,000 submissions of copies of the virus in one day,
said Vincent Weafer, director of the Security Research Center at
Symantec. Sobig.e is timed to expire on July 14, the security experts
said. — Reuters
|