Sobig Variant Making a Name for Itself
Sobig.E, which hides inside zipped file attachments, is doing most of its damage in the U.S.Our long national nightmare continues. Yet another variant of the persistent and malleable Sobig worm is on the loose. This one, dubbed Sobig.E, is distinct from its older brothers in that it hides inside zipped file attachments. Other than that, the worm is virtually identical to the other Sobig viruses that have been marauding across the Internet for several months. But, despite its familiar infection method and repeated warnings from anti-virus companies about all of the Sobig worms, the new version is having a field day so far. Since the worms discovery Wednesday, e-mail security provider MessageLabs Inc., of New York, has stopped more than 27,000 copies of Sobig.E. The worm is doing most of its damage in the United States, with only a few infections occurring overseas.
The worm arrives in an e-mail message with one of several subject lines, including: Re: application, and Re: movie. The body text reads, "Please see the attached zip file for details." And the attachment is named "your_details.zip." The zipped file contains the infected .pif file.