Don't Let Sobig.f Fool You
22 Aug 2003
The Internet worm Sobig.f has generated a global epidemic, and many computer users are confused by some idiosyncrasies in the behavior of this malicious program.
From the moment Sobig.f appeared, many people received notifications about the worm from their Internet Service Providers' automatic anti-virus filters. The auto-generated notifications informed users that copies of the worm had been detected in e-mail sent from their computers. At the same time, the anti-virus software installed by these users did not detect Sobig.f.
Kaspersky Lab warns users that Sobig.f includes a feature that falsifies the Sender address. The worm inserts a fake Sender address chosen at random from e-mail lists found on infected computers. On the one hand, the worm uses this feature to hide its tracks and make it difficult to pinpoint the source of infection. On the other hand, this also discredits innocent users and confuses them by misinforming them about the infection.
Therefore, Kaspersky Lab reaffirms that all versions of Kaspersky® Anti-Virus will inform the user when the computer is infected with Sobig.f if the latest anti-virus updates are installed. In this case, your computer is safe to use.
A detailed description of Sobig.f is available in the Kaspersky Virus Encyclopedia.