Sobig.F adds to 'worst ever' worm week

By Tracy Burrows, ITWeb contributor.
Johannesburg, 20 Aug 2003

Anti-virus experts have issued warnings about yet another Internet worm rapidly spreading around the world. The latest worm to add to IT administrators' woes is Sobig.F, a variant of the older Sobig worm.

Anti-virus company Sophos reports that Sobig.F is the fourth major Internet worm to hit the world's computers this week, with anti-virus vendors dubbing this "the worst virus week ever".

Sobig.F spreads at an "alarming rate", accounting for nearly 80% of all infection reports recorded yesterday, according to anti-virus provider Central Command.

There has not been so much virus activity since the Code Red and Nimda worms hit about a year ago, experts say.

Sobig.F is a mass e-mail worm that attempts to download files from the Internet and potentially leave computers vulnerable to further attack.

Netxactics, Southern African distributor for Sophos Anti-Virus, says the Sophos support centre has received reports of thousands of instances of the worm in the past few hours.

Netxactics CEO Brett Myroff says Sophos believes the worm has spread so fast it is likely that the virus writer used spamming technology to launch it.

"We have seen such a large influx of reports so quickly, it seems likely that the virus author gave his creation a kick-start using techniques usually employed by spammers. The result is that hundreds of thousands of copies of the Sobig.F worm are shunting around the Internet, and some companies are finding their e-mail systems are grinding to a halt."

Myroff says the worm arrives via e-mail bearing subject lines such as "that movie", "details", "approved" or "wicked screensaver". The worm poses as an attached PIF or SCR file. Launching the attached file infects the computer.

"Many users know to be cautious about running unsolicited EXE files, but they should be equally wary about running PIF files or screensavers. All computer users should exercise caution when deciding what is safe to run on their computers."

Myroff says the worm is programmed to stop working on 10 September.

"Putting a 'dead-date' on his viruses suggests that the Sobig author is effectively test-driving his creations to see which tricks work best from the technical and psychological point of view. Releasing Sobig variants on different days of the week, and using slightly different subject lines and filenames, suggests that the worm's author may be trying to find the 'perfect' conditions under which his viruses can spread most quickly."

Sobig.F comes on the heels of the Blaster, or LoveSan, worm, which hit hundreds of thousands of computers worldwide last week, spreading through a security hole in the Windows operating system and crashing the computers it hit.

On Monday, another worm surfaced that was written to remove Blaster from infected computers and patch the hole. The new worm, dubbed Welchia or Nachi, temporarily paralysed many corporate networks, experts report.

In addition, an e-mail hoax is circulating, purporting to be a patch from Microsoft for the security hole Blaster exploits. But the e-mail instead contains a Trojan application that installs itself on the computer as a backdoor, giving an attacker remote access to the system.
