Information Age: News, analysis & insight for IT & business leaders

21 August 2003 The Sobig-f virus has become the fastest spreading virus of all time, reaching a ratio of one email in 17 according to anti-virus scanning company MessageLabs.

The strain caused by the mass-mailing virus has become so great that MessageLabs has been forced to issue a warning to customers that email could be delayed as a result. Many users have found email accounts clogged with several copies of the virus, sometimes blocking delivery of legitimate email.

One unfortunate home user has been hit with 6,000 copies of the virus sent to a private home email account, according to anti-virus software vendor Sophos.

Sobig exploits known security flaws in Microsoft software. It spoofs the sender's address in a bid to fool unwary users into believing that the email is from a legitimate source. The virus is activated when the recipient opens an attachment with the ".pif" suffix.

Once a machine is infected, the virus attempts to connect to a web site to download and install a Trojan horse application, enabling the PC to be hacked into at a later date.

The Sobig series of viruses originated from the US, according to MessageLabs, and is believed to have been developed by spammers in a bid to gain access to machines not listed on increasingly effective anti-spam blacklists, particularly the Spam Prevention Early Warning System (SPEWS).

By blacklisting wide ranges of Internet protocol addresses, SPEWS has forced once-lackadaisical Internet service providers in Europe and America to clean out their networks of spammers, forcing them overseas to places such as China and Argentina.

The virus has an in-built expiry date of 10 September, but anti-virus software suppliers suggest that this indicates that a follow-up virus will be released just days before, altered to avoid the latest anti-virus software signatures.

Links:
W32/sobig-f analysis
Removal and disinfection instructions