Log in ....Tribune

Monday, June 30, 2003
Feature

Unzip and get SoBig virus

A new variant of a computer virus spreading around the Internet on Thursday spoofs the e-mail address of the sender, making it difficult to determine the source of infection, anti-virus experts said. Computer security companies were rating the virus, dubbed .e," as a medium risk for both corporate and consumer users. Although the worm, which is a self-propagating virus, does not do much harm to infected machines, the fact that it masquerades as legitimate e-mail from known e-mail accounts randomly picked from infected computers makes it hard to detect, anti-virus experts said. The worm, which can affect any kind of e-mail program, infects an individual computer when users open an attachment in the form of a .ZIP-type compression file, says Craig Schmugar, virus research engineer at Network Associates Inc. The malicious program then mails itself to recipients extracted from the victim’s e-mail address book and can also spread over shared networks, experts said. Similar to earlier Sobig viruses, this version grabs e-mail addresses on infected computers and randomly picks names to send itself to other names that it displays as the sender.

"Spoofing (the sender address) can make the viruses last a little longer because in a non-spoofing e-mail you can hit "reply" to that message" and alert the sender that they are infected, Schmugar said. Subject lines include "Re: Application," "Re: Movie," or any of 16 other simple phrases, according to Symantec Corp. Symantec received nearly 1,000 submissions of copies of the virus in one day, said Vincent Weafer, director of the Security Research Center at Symantec. Sobig.e is timed to expire on July 14, the security experts said. — Reuters