Thursday, August 21, 2003
You may have steered clear of this week's Sobig.F worm but still not emerged unscathed. This is because the worm uses addresses—maybe yours—it finds on infected machines to propagate itself. The comet tail of this effect is the slew of email you might be receiving from spam or virus blocking software, alerting you that "your" send was intercepted because it failed filtering tests.
On an infected system, the worm scans various documents for email addresses. The worm then distributes itself to other inboxes using a built-in SMTP engine. When it distributes itself, it "spoofs" in the "From:" field an email address it finds on the infected machine instead of using the infected user's address. Because the address doesn't match that of the infected machine, it's difficult to trace the string of infected computers. [The Screen Savers]
Mikko Hypponen, manager of anti-virus firm F-Secure, said Sobig F had been written by a spammer looking for ways to get past spam filters.
He said: "For once, we have a clear motive for a virus – money." [BBC News, via Dave Winer]
Thus, even non-Windows users are feeling this one, albeit indirectly.
[Update] Kevin O'Donovan's "thinking jail isn't enough. I'm thinking something involving a pair of pliers and a blowtorch..."
Unless otherwise expressly stated, all original material of whatever nature created by Denise M. Howell and included in the Bag and Baggage weblog and any related pages, including the weblog's archives, is licensed under a Creative Commons License.