Sobig.C Worm is Spreading at an Alarming Rate; F-Secure Is Raising The Alert To The Highest Level As Sobig.C Worm Keeps Spreading.Business Editors/High-Tech Writers HELSINKI, Finland--(BUSINESS WIRE)--June 2, 2003 F-Secure is warning computer users of a new massmailer Sobig.C, which was first found in the wild late in the evening on 31st of May. On June 1st the worm increased its spreading and has now been reported already in 84 countries. "We can see a very interesting pattern here. Sobig.B, that spread alarmingly only two weeks ago, was programmed to die on May 31st - the same day Sobig.C was found," says Mikael Albrecht, the Product Manager of F-Secure. "Sobig.C is programmed to die on June 8th so time will tell if we can expect Sobig.D to make its first appearance after that," he suspects. Just like Sobig.B, Sobig.C also spreads via e-mail attachments and Windows network A local area network (LAN) made up of Windows clients and servers. Starting with Windows for Workgroups 3.1 in 1992, all versions of Windows have built-in networking. See Windows and NetBEUI network. shares. The attachments are always PIF (Program Information File) A data file in Windows 3.x and NT that stores window settings for DOS applications. It allows screen size, fonts and other options to be selected in order to customize the way the DOS app appears under Windows. or SCR (Sequence Control Register) See program counter. executables and the message reads "Please see the attached file" However, unlike its forerunner, Sobig.C does not send the emails from a fixed address, but uses random addresses it collects from the user's machine. "The messages sent by the worm might appear to come from known people completely unaware and not necessarily infected by the worm," explains Mikael Albrecht. "This means, that receiving the worm from a given address doesn't imply that the sender corresponding to the address is infected," he continues. The worm also spreads by collecting e-mail addresses from various files on the infected computer and sends the infected e-mails with variable subjects, content, filenames and file sizes. In addition to the e-mail spreading, Sobig.C will search for Windows machines within the infected Local Area Network and will try to copy itself to their Startup folder A Windows folder that contains pointers to applications (shortcuts) that are launched when Windows is started. See Win Startup folder. . This will fail unless users are sharing their Windows directories with write access - a thing that should never be done. After spreading, Sobig.C will attempt to download components from several URLs located at Geocities.com. F-Secure contacted Geocities during the weekend and the pages used by the worm have now been closed down. More information on the Sobig.C virus is available from the "Global Sobig Virus Information Center," available online at http://www.f-secure.com/sobig/ The page includes technical descriptions, images and real-time statistics on the worm. F-Secure has also developed a free tool, which cleans Sobig.C from infected machines. The tool is available in the Information Center. F-Secure Anti-Virus can detect, stop and disinfect To remove the virus code that has attached itself to a legitimate file. Sometimes, the antivirus program cannot untangle the code, and the infected file has to be deleted. See quarantine. the Sobig.C worm. F-Secure Anti-Virus can be downloaded from http://www.f-secure.com About F-Secure F-Secure Corporation is the leading provider of centrally managed security solutions for the mobile enterprise. The company's award-winning products include antivirus, file encryption and network security solutions for major platforms from desktops to servers and from laptops to handhelds. Founded in 1988, F-Secure has been listed on the Helsinki Exchanges Helsinki Exchanges (HEX) The Helsinki Exchanges (HEX Ltd., Helsinki Securities and Derivatives Exchange and Clearing House) was formed at the beginning of 1998 following the merger of the Helsinki Stock Exchange Ltd. and SOM Ltd. (HEX:FSC FSC See: Foreign Sales Corporation ) since November 1999. The company is headquartered in Helsinki, Finland, with the North American North American named after North America. North American blastomycosis see North American blastomycosis. North American cattle tick see boophilusannulatus. headquarters in San Jose, California San Jose (IPA: /ˌsænhoʊˈzeɪ/) is the third-largest city in California, and the tenth-largest in the United States. It is the county seat of Santa Clara County. , as well as offices in Germany, Sweden, Japan and the United Kingdom and regional offices in the USA. F-Secure is supported by a network of value added resellers See VAR. (company) value added reseller - (VAR, or "value added retailer") A company which sells something (e.g. computers) made by another company (an OEM) with extra components added (e.g. specialist software). and distributors in over 90 countries around the globe. Through licensing and distribution agreements, the company's security applications are available for the products of the leading handheld equipment manufacturers, such as Nokia and HP. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion