Posted on 06/20/2003 12:19:53 AM PDT by NotQuiteCricket
Yet another variant of the Sobig worm has been detected by security firms, including MessageLabs, Network Associates, and Symantec. And although the new worm is spreading slowly at the moment, if past trends prove true, users should be on the alert.
Sobig.d, which was first spotted Wednesday, is the latest in a line of fast-spreading worms which include self-timed deactivation code that ultimately renders them impotent. Sobig.d will not propagate after July 1. The previous version, Sobig.c, turned itself off on June 8.
Like its earlier incarnations, Sobig spreads via a network or through E-mail: the latter spoofs a sending address of 'admin@support.com' with a variety of subject headings, including 'Re: Documents' and 'Application Ref: 456003.' The worm itself is packaged as an attachment with either a .pif or .scr extension. Infection occurs when the attachment is launched.
(Excerpt) Read more at internetweek.com ...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.