Sobig worm recruits PCs for profit

Internet worms that have besieged computers for over a week continue to play havoc, including one called Sobig.F whose aim is to turn PCs into spam machines, experts have said.

A Windows user battles to keep his PC worm-free

Sobig.F is believed to be the fastest growing virus ever. It drops software onto infected Windows computers that opens them up to be used later for distributing Internet spam – unwanted e-mails and product promotions, experts said. It also represents a new trend, the convergence of e-mail spamming and virus writing, they said.

Security experts said it was difficult to ascertain how many computers had been infected by the Sobig.F worm on Wednesday. Worms are viruses that spread through networks.

“We believe (Sobig.F) has been written by a spammer or spammers” looking for ways to get past spam filters, said Mikko Hypponen, manager of anti-virus research for Finnish security firm F-Secure. “For once, we have a clear motive for a virus – money.”


Internet service America Online (AOL) said it blocked about 11.5 million copies, while security firm MessageLabs stopped more than 1 million copies within the first 24 hours and dubbed Sobig.F the fastest growing e-mail virus.

Sobig.F subject lines:

Re: approved
Re: details
Re: my details
Re: Thankyou!
Re: That movie
Re: wicked screensaver
Re: your application
Your details

Sobig.F hit the computing world as corporations were still recovering from several worms that spread through holes in Microsoft Corp’s Windows operating systems, including the “Blaster” worm. Also called “LovSan,” it has infected and crashed hundreds of thousands of computers since last week.

The “Welchia” or “Nachi” worm, which surfaced on Monday, infected 72,000 computers used by the US Navy and Marine Corps and crippled Air Canada’s reservation counters and call centres.

CSX Transportation said on Wednesday that a virus infection had slowed its dispatching and signal systems, forcing it to halt passenger and freight train traffic, including the morning commuter train service in Washington, DC.

New trend

Sobig.F hit home users particularly hard, experts said. It arrives in an e-mail with an attachment that, when opened, infects the computer and sends itself on to other victims using a random e-mail address from the address book, making it difficult to trace the worm back to its source.

The Sobig family of worms represents a new trend in the convergence of worm and spam techniques for more widespread and faster deployment, experts said.

Virus writers are using software that spammers employ to send bulk spam messages. Conversely, spammers are starting to use methods developed by virus writers to spread their messages and avoid detection, said Brian Czarny, marketing director at e-mail security company MessageLabs.

Trojan horse

Previous Sobig versions loaded a program onto infected PCs that broadcast spam to other computers, thus turning the PCs into so-called “spam relays.”

Sobig.F downloads a Trojan horse onto infected computers, which could later be remotely activated to send spam, experts said.

“There are computers scanning the Internet for open relays so spammers can jump from one machine to the next and be able to send millions of spam messages and have them not be traced back to them or be blocked,” said Jimmy Kuo, research fellow at anti-virus vendor Network Associates Inc.

Sobig.F, which expires on 10 September, is spreading quickly because it sends multiple e-mails simultaneously and spreads to other computers on a shared network, said experts, who predict there will be another version in the near future. 

Source: News Agencies
