New Fast-Spreading Sobig Worm Adds to ‘Worm Week’
SAN FRANCISCO (Reuters) – A new mass e-mail worm that attempts to download files from the Internet and potentially leave computers vulnerable to further attack was spreading quickly around the world on Tuesday, anti-virus experts said.
The new worm, dubbed Sobig.F, is at least the fourth new, major Internet worm to hit computers worldwide in the past week, prompting anti-virus vendor F-Secure to declare this the “worst virus week ever.”
Sobig.F, a variant of an older worm, began spreading on Monday in Europe and has infected an estimated tens of thousands of Windows-based computers, said Patrick Hinojosa, chief technology officer at Panda Software, based in Madrid.
It arrives in e-mail and includes a variety of subject lines, including “Your details,” “Thank you!,” “Your application” and “Wicked screensaver.” It has caused some corporate e-mail systems to grind to a halt, according to Sophos Inc.
When the .pif or .scr attachment is opened, Sobig.F infects the computer and sends itself on to other victims using a random e-mail address from the address book.
It also prepares the computer to receive orders and tries to download files from the Internet, said Hinojosa. It was unknown exactly what files they were, he said.
If the infected computer is on a shared network, the worm tries to copy itself to the other computers on that network.
The worm is programmed to stop spreading on Sept. 10.
Network Associates Inc. (NYSE:NET – news) has rated Sobig.F a medium risk because of the quick rate of spread, said Jimmy Kuo, research fellow at Network Associates, an anti-virus software vendor.
Sobig.F was spreading at an “alarming rate,” accounting for nearly 80 percent of all infection reports recorded on Tuesday, according to anti-virus provider Central Command.
Sobig.F comes on the heels of the Blaster, or LoveSan, worm which hit hundreds of thousands of computers worldwide last week, spreading to victims through a security hole in the Windows operating system and crashing them.
On Monday, another worm surfaced that was written to remove Blaster from infected computers and patch the hole. That worm, dubbed “Welchia” or “Nachi,” was temporarily paralyzing many corporate networks, experts reported.
In addition, an e-mail hoax was circulating, purporting to be a patch from Microsoft for the security hole Blaster exploits. But the e-mail instead contains a Trojan application that installs itself on the computer as a back door enabling an attacker remote access to the system.
There has not been so much virus activity since the Code Red and Nimda worms hit about a year ago, experts said.