[Histonet] Worst week for computer virus!

Linda Jenkins jlinda <@t> ces.clemson.edu
Wed Aug 20 13:03:16 CDT 2003

Dear HistoNetters,
         Having spent all morning eradicating the "So Big" virus and 
"Stinging" my PC to clean it, I just wanted to share some info with 
         Stupid me...I thought a vendor had sent me a new movie of their 
equipment and tried to open the movie!  Bad mistake:-(  Anyhow, here is the 
web address of a site that should be helpful:

Part of the article is as follows:
Tuesday, August 19, 2003: A new SoBig variant has sprung forth, sending 
huge volumes of infected email to thousands of unlucky recipients. Like its 
predecessor, SoBig.E, SoBig.F sifts through files on infected users' drives 
to obtain email addresses which in turn are sent the worm. SoBig.F also has 
the same insidious twist found with SoBig.E. The worm sends itself as if 
"From" one of the addresses found on the infected users' system. This not 
only leaves an innocent party dealing with angry email accusing them of 
sending the worm, but they also must contend with "out of office" replies 
and undeliverable notifications for email they never sent.
Sorin Dudea, Head of Virus Research at BitDefender says he has never seen 
such fast spreading in such short time: "I have colleagues in the commercial 
team that have already received thousands of infected e-mails and they just 
keep receiving them", Sorin concluded.
In his technical paper, Sobig.e - Evolution of the Worm, Joe analyzed the 
workings of the various variants of SoBig, noting the worm's primary goal 
was "to create a massive network of anonymous proxy servers for the purpose 
of spam." He further speculates, "This is likely a financial endeavor for 
the author alone or perhaps in concert with a gang of criminals, supporting 
themselves through spamming, identity theft and bank fraud."
Joe attributes this newest release of SoBig.F to the Blaster worm, noting, 
"the Blaster worm caused many people to install antivirus software which 
detected and removed previous Sobig infections as well. This probably 
severely diminished the number of proxy servers installed by the Sobig 
worm, forcing the author to re-release to keep the numbers up."

         Hope this is helpful!

Linda Jenkins, HT
Clemson University
Dept. of Bioengineering
Clemson, SC 29634-0905

