W32/Sobig.F-mm is Still a Big Threat

W32/Sobig.F-mm is still with us and may be generating tons of spam. Learn how to stop Sobig.F cold. Plus, a tip: Give a Secure PC for the Holidays?

Maybe it's the holiday season, or an end-of-year letdown, but Microsoft did not release any monthly security bulletins for December. The Redmond-based software giant reported that while it's consolidating security update delivery to once a month, it may still release emergency bulletins as needed. While no updates may seem like good news, there is a Windows vulnerability that has the potential to leave users' systems open to exploitation. Additionally, a new vulnerability in Internet Explorer can allow fake or spoofed URLs to obscure the real domain names, giving phishing messages a way to look more authentic. See our Windows Security Update section for more information.

On the virus and worm front, not much has changed in the lineup of top threats. W32/Swen.A-mm, W32/Dumaru.A-mm and several Mimail variations are still infecting hundreds worldwide every day. Also on the top list is W32/Sobig.F-mm, a tenacious multi-vector worm that has been around since August. Sobig.F, like Swen.A, spoofed the "from" address field of the e-mail it sent out to make it look like someone else was sending the infected messages. The worm was very prolific by itself, but it ended up generating more incidental Internet traffic because automated IT antivirus systems were sending virus notifications back to the senders. Unfortunately, many of the apparent senders had nothing to do with the original e-mail message. In the days of slower-moving viruses, the notifications were helpful, but with fast-moving worms, they had to be scrapped. In a recent newsletter, ThreatFocus estimated that "Spam from PCs hijacked by the Sobig virus now accounts for more than half of all email sent across the Internet." Sobig is still a very large problem for many users and is our top threat this week. See below on how Sobig infects and how to remove it.