Beware! Yet Another Version of Sobig Is On The Loose

19 Aug 2003
Virus News

Kaspersky Lab, a leading expert in information security, warns users about a new modification of the Internet worm Sobig. Analysts at Kaspersky Lab have received reports about this malware from Europe and Russia.

The new version of Sobig is very similar to the prior versions, the first of which appeared in January 2003. The cosmetic changes in this new version affect only the subject, text and names of attached files, as well as the deactivation date. The worm remains fully functional only until September 10, 2003.

The Sobig worm spreads via e-mail in the form of a file attachment as well as over local area networks. To spread over LANs, Sobig copies itself to shared network drives. To spread via e-mail, the worm scans infected computers for files containing e-mail addresses and then clandestinely sends copies of itself to the addresses it finds. To draw users into launching the file attachment containing the infected code, Sobig employs various social engineering techniques, among them a message disguised as a technical support message sent from Microsoft.

Among the collateral effects caused by Sobig, it is essential to note the worm's ability to download and install updated versions of itself from remote Web servers, as well as to install spyware programs on infected systems.

Protection against this malicious program has already been added to the Kaspersky® Anti-Virus database. More detailed information about the new version of Sobig can be found in the Kaspersky Virus Encyclopedia.