Excerpts of “New Computer Virus Clogs E-Mail Inboxes” by Riva Richmond from WashingtonPost.com:
A new strain of one of the most virulent e-mail viruses ever spread quickly worldwide Tuesday morning, causing fresh annoyance to users worn out by last week’s outbreak of the Blaster worm.
The new virus, named “Sobig.F” by computer security companies, attacks Windows users via e-mail and file-sharing networks. It also deposits a Trojan horse, or hacker back door, that can be used to turn victims’ PCs into senders of spam e-mail.
. . .
The e-mail message that carries Sobig.F has the subject line “Re: Details” and the message “Please see attached file for details.” If a recipient clicks on the attachment, which can have multiple names ending in the .pif file extension, the computer will be infected.
The virus will then send itself out to names found in the victim’s address book and will use one of these names to forge a return address. As such, the infected party may not quickly learn of the infection, while an innocent party may get the blame for helping to propagate it.
Like all the other Sobig viruses, this version is programmed to self-destruct after two weeks, in this case on Sept. 10.
Excerpt of “New Fast-Spreading Sobig Worm Adds to ‘Worm Week’” by Elinor Mills Abreu from Reuters:
Sobig.F, a variant of an older worm, began spreading on Monday in Europe and has infected an estimated tens of thousands of Windows-based computers, said Patrick Hinojosa, chief technology officer at Panda Software, based in Madrid.
It arrives in e-mail and includes a variety of subject lines, including “Your details,” “Thank you!,” “Your application” and “Wicked screensaver.” It has caused some corporate e-mail systems to grind to a halt, according to Sophos Inc.
When the .pif or .scr attachment is opened, Sobig.F infects the computer and sends itself on to other victims using a random e-mail address from the address book.
It also prepares the computer to receive orders and tries to download files from the Internet, said Hinojosa. It was unknown exactly what files they were, he said.
If the infected computer is on a shared network, the worm tries to copy itself to the other computers on that network.
The worm is programmed to stop spreading on Sept. 10.