Another Worm: W32.Sobig.F@mm


Brandon Martus
08-21-2003, 08:03 PM
People are receiving e-mails from chiefdelphi.com e-mail addresses, mainly from myself and my dad (Mike Martus). The e-mails say that e-mail sent from us has a virus. We are 100% up to date with our Norton Anti-Virus, and do not have this sobig virus.

The Sobig virus is spoofing our (and others') e-mail addresses. (See below for an example of how it works.)

More Information & Removal:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html

How it works:
W32.Sobig.F@mm uses a technique known as "spoofing," by which the worm randomly selects an address it finds on an infected computer. The worm uses this address as the "From" address when it performs its mass-mailing routine. Numerous cases have been reported in which users of uninfected computers received complaints that they sent an infected message to another individual.

For example, Linda Anderson is using a computer infected with W32.Sobig.F@mm. Linda is neither using an antivirus program nor has the current virus definitions. When W32.Sobig.F@mm performs its email routine, it finds the email address of Harold Logan. The worm inserts Harold's email address into the "From" portion of an infected message, which it then sends to Janet Bishop. Then, Janet contacts Harold and complains that he sent her an infected message; however, when Harold scans his computer, Norton AntiVirus does not find anything, because his computer is not infected.
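
Added example (not part of the original post or of Symantec's write-up): a Python check Janet's mail administrator could run on the complaint message to see that the "From" header does not match the machine that actually delivered it. Every host name, address, and the `TRUSTED_BY` / `KNOWN_SENDERS` tables are constructed assumptions for the Linda/Harold/Janet scenario above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of the message Janet receives (documentation IP ranges).
# The lower Received line is deliberately unverifiable: anything below the
# stamp added by our own server can be written by the sender.
SAMPLE = """\
Received: from linda-pc (dialup-7.isp.example [203.0.113.7])
\tby mx.janet.example with SMTP; Thu, 21 Aug 2003 19:40:02 -0400
Received: from mail.harold.example (mail.harold.example [192.0.2.25])
\tby nowhere.invalid; Thu, 21 Aug 2003 19:39:00 -0400
From: Harold Logan <harold@harold.example>
To: Janet Bishop <janet@janet.example>
Subject: Re: Details

See the attached file for details
"""

TRUSTED_BY = {"mx.janet.example"}                   # assumption: our own mail servers
KNOWN_SENDERS = {"harold.example": {"192.0.2.25"}}  # assumption: real outbound hosts

# Connecting IP in [brackets], then the "by <host>" that stamped the hop.
HOP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+([\w.-]+)", re.S)

def handoff_ip(msg):
    """IP of the peer that handed the message to a server we trust."""
    for hop in msg.get_all("Received", []):   # topmost (newest) hop first
        m = HOP.search(hop)
        if m and m.group(2).lower() in TRUSTED_BY:
            return m.group(1)
    return None

def check_from(raw):
    """Compare the claimed From domain with the host that delivered the mail."""
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1].lower()
    allowed = KNOWN_SENDERS.get(addr.rpartition("@")[2])
    ip = handoff_ip(msg)
    if ip is None or allowed is None:
        verdict = "unknown"
    elif ip in allowed:
        verdict = "consistent"
    else:
        verdict = "spoofed-from"
    return {"from": addr, "handoff_ip": ip, "verdict": verdict}

if __name__ == "__main__":
    print(check_from(SAMPLE))
```

The delivering IP points at Linda's connection, not Harold's mail host, which is why scanning Harold's computer finds nothing.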