After taking most of last year off, the world's virus writers seem to be making up for lost time early this year.
After taking most of last year off, the worlds virus writers seem to be making up for lost time early this year.
A new virus, known as Sobig, spread rapidly on the Internet last week, infecting machines worldwide. The virus appears to attack Windows machines running Microsoft Corp.s Outlook e-mail client. MessageLabs Ltd., a Gloucester, England, company that tracks viruses, saw more than 10,000 copies of Sobig on Monday last week and more than 20,000 copies to date.
Some users in the United States were being flooded with virus-infected messages, some receiving as many as 30 an hour.
Not much is known about the virus, but it seems to be a mass-mailing worm that behaves much like the Lirva worm that began spreading earlier this month. It arrives via e-mail, in a message from firstname.lastname@example.org and carrying one of four subject lines: Re: Movies; Re: Document; Re: here is that sample; Re: Sample.
The message includes an attachment, whose file name could include Document003.pif, Sample.pif, Movie_0074. mpeg.pif or Untitled1.pif, according to MessageLabs analysis of the virus. Sobig uses its SMTP engine to mail copies of itself to addresses that it finds on the infected machines hard drive and e-mail address book. The virus copies itself to two shared folders on shared network drives.
Sobig then downloads from a Yahoo Inc. GeoCities site a file that contains a link to another file located elsewhere on the Internet. The worm downloads this second file and executes it on the infected machine. Its unclear what the file does.
Anti-virus vendor Trend Micro Inc., which is based in Tokyo, said the worm may also send an e-mail to its creator, notifying the person of which machines are infected.