 |
variant of the Sobig virus |
|---|
| Thu, August 21 2003 | 10:07PM | PermaLink |
Feedback? |
|
When it spreads via e-mail, the virus fakes an e-mail address to hide its origins and regularly changes its form and the subject lines of messages it creates to make it harder to spot.
When it infects machines, it harvests e-mail addresses from Outlook address books and net page memory stores.
The suffix of the attachment bearing the virus also changes regularly but most often the malicious program masquerades as a screensaver (.scr) or a Windows program information file (.pif).
The filename of the attached file that actually contains the virus code also changes regularly to make it harder to spot.
"The author of the Sobig worms has pulled this particular confidence trick several times before," said Graham Cluley, senior technology consultant at anti-virus firm Sophos.
"Releasing Sobig variants on different days of the week, and using slightly different subject lines and filenames, suggests that the worm's author may be trying to find the 'perfect' conditions under which his viruses can spread most quickly," he said.
|
|
FULL STORY @
Archived from BBC
http://news.bbc.co.uk/2/hi/technology/3164861.stm
CURRENT Software News on PCSTATS
|
|
|
|
|
RSS Newsletter