Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » New E-Mail Virus (Worm) - W32/Sobig.A

New E-Mail Virus (Worm) - W32/Sobig.A

by Nikola Strahija on January 14th, 2003 The latest e-mail virus (worm) to hit the Internet and have people concerned is W32/Sobig.A. MessageLabs, an Anti-Virus firm, first reported seeing the infection on 9th January in the Netherlands and it has since become most active in the USA, UK, Netherlands,S. Korea, China, Hong Kong, Canada, Germany and Australia: On 9th January 2003, MessageLabs stopped the first copies of a new virus, which was given the name ‘Sobig’ because the email address that is always comes from is ‘[email protected]’.


Initial analysis suggests that this is a mass-mailing virus that incorporates an SMTP engine. It may also have the ability to spread via various network shares, and also appears to download a text file from a website hosted by Geocities, which could contain a further URL that may subsequently be used to download a backdoor trojan. It also appears to be able to harvest email addresses from certain files that it searches for on the recipient’s hard disk, and uses the email addresses that it finds to send a copy of itself, using the internal SMTP engine. It can also access the contents of the recipient's address book and mailbox for other email addresses.

The attachments are compressed using TELock and are 65,536 bytes in size. From the copies that MessageLabs have intercepted, the email may be composed as follows:

Subject:
Re: here is that sample
Re: Movies
Re: Sample
Re: Document

The email body contains the following text:

Attached file:

Attachment file names may include:

Document003.pif, Sample.pif, Movie_0074.mpeg.pif, Untitled1.pif
The first month of 2003 is certainly looking to be one of the busiest for new virus activity so far. It's not even half way through January and the levels of infections are almost equal to that seen during the whole of December 2002.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »