Subject: VIRUS WARNING UPDATE: SOBIG virus the worst ever?
Date: Fri, 22 Aug 2003 16:43:12 -0400
From: "Kas and Jim"
For the past three days, I've been getting e-mails with the W32.Sobig.F@mm virus attached. Our ISP has been capturing most of them, fortunately, so only the cleaned messages get through to us, but there are tons of them. According to Symantec, it was discovered on the 19th of this month. The first day, there were a few messages with the attached virus in our inbox, the second day a lot more, and today they're flooding in. I checked the e-mail about 7:30 this morning, and there were quite a few of them in it, which I deleted. When I just checked it again, about six hours later, there were dozens of them, I'd say about a hundred. I shudder to think how many will be in there tomorrow, if this geometric progression continues. I can easily imagine it possible that e-mailing will be made impossible or destroyed, just from all the millions of virus messages piling up in the system.
In my recent web-research on this virus, at the following sites and others, I've learned that this one probably isn't the usual kiddy hacker prank.
This is probably a serious weapon launched by a criminal enterprise. Its ultimate purpose may be the acquisition of credit-card data on millions of people.
As such, it may spell the death of on-line commerce. A less malignant purpose of the virus may be facilitating "spam" advertising. That possible scenario is bad enough.
The sheer volume of message traffic bearing the worm has the potential of completely shutting down e-mailing, as we know it. We'll know the ultimate purpose of this weapon on Sept. 10, when it goes into its active phase. In the worst-case scenario, if a commerce site with which you've done an on-line credit card transaction is infected, on Sept. 10 your credit card information may be sent to the criminal enterprise responsible for the worm.
This is a very serious possibility.
Below are some URLs for information on the seriousness of this virus, and its possible ramifications. There are other relevant links from these sites.
It's very important to keep your virus-protection software updated, and have the latest patches from Microsoft installed on your system.
http://www.microsoft.com/ can give you information on this and other recent mass attacks, and has a link for downloading the latest system patch. Needless to say, Microsoft's sloppiness in releasing millions of operating system copies before making sure that all the holes are plugged is responsible for the "success" of the recent MSBlaster epidemic; but the SOBIG virus is spreading so wildly just because sufficient gullible people have been clicking on virus attachments showing up in their in-boxes.
Be extremely careful about opening any attachments, even from addresses you recognize. I've received virus messages from entities I recognized, although they weren't in my own address file, although I might have been in theirs, and I've also received bounce-back notifications from entities I've recognized. This virus, once it has embedded itself, sends out messages using addresses in the captured address book as the "from" address. So, if you get a bounce-back message to do with a virus, this doesn't necessarily mean that your computer is infected; it just may mean that your address is in the address book of an infected computer.
You should run a virus scan, using updated virus definitions just to be sure that your computer isn't infected. Symantec's is at:
McAfee has a free on-line service called FreeScan, which will scan your system for you, using all the latest virus definitions:
It is well worth going to the trouble of scanning your system for viruses and worms. Here are the subject names used for the W32.Sobig.F@mm virus attachment, the current variant which is clogging inboxes.
Don't open any attachment with any of these in the subject line:
Re: Re: My details
Re: Thank you!
Re: That movie
Re: Wicked screensaver
Re: Your application
At this point, it's likely that you've encountered some or all of these. If you did encounter them,
I hope you didn't open them. If you did so, your computer is probably infected.