|HOME | EBOOKS | COMMUNITY | TELECOMMUTING JOBS | ADVERTISE|
Getting Hit By Sobig? All About the Sobig.F Worm
Chances are, if you have an email address, you have been bombarded with virus-laden emails with such subjects as "re: Your application" or bounces back to your email address that seem to show that you are the one sending these viruses to others.
Sobig originally made its rounds through email in the beginning of the year. This new version of Sobig, officially known as W32.Sobig.F@mm, began appearing on Monday, August 18, 2003 and has shown little signs of slowing down. The worm has an expiration date of September 10th, which means the worm will stop propogating then. But for those getting hundreds of these emails an hour, that is little consolation.
If you are reading this and are not running any sort of antivirus program on your computer, go and get one right now. The two most popular antivirus programs are Norton AntiVirus and McAfee VirusScan, and they both have free trials. Equally important is to remember to check for updates, because outdated antivirus software is useless.
The Sobig.F worm will arrive
in your in box with one of the following subject lines:
The actual body of the email will be:
See the attached file
And the actual virus itself will be attached to the email using one of the following file names:
The email address who appears to be the sender is almost certainly NOT the person who sent you the email or has an infected computer. But chances are, the person who has the infected computer had both your email address and the email address of the "sender" on his or her email program's address book. This virus will spoof senders, randomly selecting one person from the infected computer's email address book, meaning you had just as likely a chance of ending up as the "sender" as the person who actually did appear as the sender.
But also as a result of this email sender spoofing, you could end up with hundreds of bounced back messages, or messages from a server's virus program, which seemingly state that you have the virus too.
A server response will either be a regular "recipient unknown/unavailable" bounce, or something similar to the following:
A message received from you contained the Worm.Sobig.F virus and was discarded. The recipient has been notified. Since viruses often fake the senders address, you may not have actually sent the infected email. Please confirm your antivirus is up to date and running.
As long as your virus definitions are up to date (and you weren't infected prior to updating), you can rest assured that you aren't sending the virus to others.
If you are running Norton,
you are probably finding it time consuming when it alerts you with a pop-up
each time a new copy of the virus is found, particularly if you are getting
hundreds of these in an hour. To disable the pop-up (you can always re-enable
it after the Sobig attack has passed) open Norton AntiVirus, select Options,
and then Email. Under the option "How to respond when a virus is
found?" select "Repair then silently delete if unsuccessful."
Now, if you did not update
your antivirus in time, or have just installed an antivirus program now,
you remove the sobig-f from your system. To remove it, you can get the
Symantec (Norton) removal tool at http://securityresponse.symantec.com/avcenter/