Posted: 02nd Jun, 2003 By: MarkJ
Anti-virus firm Central Command reports that Sobig.C, the third incarnation of the Sobig e-mail worm, is now spreading around the globe and could soon become a serious problem:
"We are already beginning to see a significant increase in virus infections for Worm/Sobig.C. We have reports of this virus infecting people in over 24 different countries and expect the virus infection reports to rise throughout today and tomorrow as employees return to the office on Monday morning," said Steven Sundermeier, product manager at Central Command, Inc. "Since Worm/Sobig.B was written to self-terminate its mass mailing routine on May 31st, it appears Worm/Sobig.C seems to pick up right where Worm/Sobig.B left off."
Worm/Sobig.A and Worm/Sobig.B accounted for over thirty percent of all confirmed infection reports for May 2003, according to Central Command's Emergency Virus Response Team tracking. Worm/Sobig.B was the top infector for May 2003, tallying 22.4% of all confirmed infection reports.
Worm Details:
Name: Worm/SoBig.C
Alias: Win32.Sobig-C
Type: Internet Worm
Discovered: June 1, 2003
Size: 59.948KB
Platform: Microsoft Windows 9x/ME/NT/2000/XP
Description:
Worm/Sobig.C is an Internet worm that spreads through e-mail, using addresses it collects from files with the following extensions: .dbx, .eml, .htm, .html, .txt, and .wab.
The e-mail it sends may have the following appearance:
From: bill@microsoft.com
Subject:
- Approved
- Re: 45443-343556
- Re: Application
- Re: Approved
- Re: Movie
- Re: Submited (004756-3463)
- Re: Your application
Body: Please see the attached file.
Attachment: (it will contain one of the following)
- 45443.pif
- application.pif
- approved.pif
- document.pif
- documents.pif
- movie.pif
- screensaver.scr
- submited.pif
- _submited.pif
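
The indicators listed above can be checked mechanically at a mail gateway or during mailbox triage. The following Python is an added example, not code from Central Command or the original post; the function names and the "attachment name plus one other indicator" triage rule are assumptions, and the sample messages it builds are constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the advisory text above (spellings kept as listed).
FROM_ADDR = "bill@microsoft.com"
BODY_TEXT = "please see the attached file."
SUBJECTS = {"approved", "re: 45443-343556", "re: application", "re: approved",
            "re: movie", "re: submited (004756-3463)", "re: your application"}
ATTACHMENTS = {"45443.pif", "application.pif", "approved.pif", "document.pif",
               "documents.pif", "movie.pif", "screensaver.scr", "submited.pif",
               "_submited.pif"}

def sobig_c_indicators(raw: bytes) -> list:
    """Return which advisory indicators a raw RFC 5322 message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if FROM_ADDR in str(msg.get("From", "")).lower():
        hits.append("from")
    # Collapse folded whitespace before comparing the subject.
    if " ".join(str(msg.get("Subject", "")).split()).lower() in SUBJECTS:
        hits.append("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if name in ATTACHMENTS:
            hits.append("attachment:" + name)
        elif not name and part.get_content_type() == "text/plain":
            try:
                text = part.get_content()
            except (LookupError, UnicodeError):  # unknown or broken charset
                continue
            if text.strip().lower() == BODY_TEXT:
                hits.append("body")
    return hits

def looks_like_sobig_c(raw: bytes) -> bool:
    """Assumed triage rule: a listed attachment name plus one other indicator,
    because subjects such as "Re: Application" also occur in legitimate mail."""
    hits = sobig_c_indicators(raw)
    return len(hits) >= 2 and any(h.startswith("attachment:") for h in hits)

def constructed_sample(sender, subject, body, attachment_name) -> bytes:
    """Build a harmless test message; the attachment is placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", subject
    m.set_content(body)
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()
```

The comparison is case-insensitive, so a message carrying `Approved.PIF` under the subject `RE: APPROVED` still matches.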