Posted: 27th Jun, 2003 By: MarkJ
Sadly the Internet has just given birth to yet another variant of the increasingly common Sobig worm, Sobig.E. Unfortunately this latest incarnation may be somewhat more efficient at spreading:
Warning: dangerous new variant of Sobig family
On 25th June 2003, MessageLabs the email security company intercepted several copies of a mass-mailing virus which appeared to be a variant of W32/Sobig.C-mm, and was later identified as W32/Sobig.E-mm. The initial copies all originated from the United States.
Characteristics
Sobig.E appears to be able to harvest addresses from the recipients address book as well as collecting them from other files and documents on the computers hard disk. Sobig appears to also have the ability to spread via network shares and uses its own SMTP mail engine for sending email to further propagate.
In emails that we have stopped, attachments may have a file extension of either .zip or .zi, as with earlier versions of this virus some attachment file name extensions may be truncated. The email from: address is also spoofed and may not indicate the true identity of the sender.
Sources claim that Sobig has been spreading at lightning speed, enough to push it into the top spot of most charts and it's not slowing down.