[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Wednesday, 20 August, 2003, 08:10 GMT 09:10 UK
World wakes up to another virus
Hand on mouse
Be careful of clicking on suspicious e-mails
A deluge of Windows viruses is causing huge problems for computer users around the world.

As consumers and companies were clearing up after the MSBlast and the Welchi worms has come a fast-spreading variant of the Sobig virus.

Sobig F and Welchi are putting a huge amount of strain on network traffic and are slowing corporate systems, security experts said.

Anti-virus firm MessageLabs said it had stopped nearly 307,000 copies of the virus since Tuesday and the BBC has received thousands of infected e-mails.

Confidence trick

The first version of Sobig appeared in June of this year but the newest F variant seems to be the most successful so far.

The e-mail traffic generated by Sobig F is threatening to swamp some corporate networks that are already struggling to cope with the Welchi worm that scans for fresh hosts many times faster than last weeks MSBlast virus.

Like the earlier versions of Sobig, the virus spreads by e-mail and by exploiting unsecured network links between Windows PCs.

All computer users should exercise caution when deciding what is safe to run on their computers
Graham Cluley, Sophos
When it spreads via e-mail, the virus fakes an e-mail address to hide its origins and regularly changes its form and the subject lines of messages it creates to make it harder to spot.

When it infects machines, it harvests e-mail addresses from Outlook address books and net page memory stores.

The suffix of the attachment bearing the virus also changes regularly but most often the malicious program masquerades as a screensaver (.scr) or a Windows program information file (.pif).

The filename of the attached file that actually contains the virus code also changes regularly to make it harder to spot.

"The author of the Sobig worms has pulled this particular confidence trick several times before," said Graham Cluley, senior technology consultant at anti-virus firm Sophos.

"Releasing Sobig variants on different days of the week, and using slightly different subject lines and filenames, suggests that the worm's author may be trying to find the 'perfect' conditions under which his viruses can spread most quickly," he said.

Fast spreading

Sobig F has now been seen in 134 countries and currently seems to be most prevalent in the US. MessageLabs said Sobig F was "spreading vigorously".


Anti-virus firms urged users to update security software to block the latest variant.

E-mail users are being warned to be wary of messages bearing subject lines such as: Re: details, Re: approved, Re: Thank You, Re: That movie, Re; Wicked Screensaver or Your Details.

"All computer users should exercise caution when deciding what is safe to run on their computers," said Mr Cluley.

The Sobig F virus has a built-in timer that will stop it working on 10 September 2003.

New web worm tackles bugs
19 Aug 03  |  Technology
Internet worm threat 'thwarted'
16 Aug 03  |  Technology
Home users suffer web worm woe
13 Aug 03  |  Technology
Net security threats turn devious
08 Aug 02  |  Technology
Wiping out the web worm
14 Aug 03  |  Technology
Computer viruses on the up
01 Jul 03  |  Technology

The BBC is not responsible for the content of external internet sites


News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific