News

Sobig virus returns posing as Bill Gates message

Daniel Thomas
Internet users have been warned about a virus spreading widely across the web, sometimes posing as an e-mail from Microsoft chairman Bill Gates.

The Sobig-C mass-mailing worm spreads via e-mail - forwarding itself to email addresses found on the infected computer's hard drive - and network shares, security experts said yesterday (2 June).

When forwarding itself on to other computer users the worm spoofs the "From:" field either using addresses found on the computer's hard drive or "bill@microsoft.com".

Infected e-mails contain subject lines such as "Re: Movie", "Re: Approved", or "Re: Your application" and contain the message "Please see the attached file". The worm can use a number of different attachment names including screensaver.scr, movie.pif and documents.pif.

"Many users are cautious of EXE and VBS files which arrive in their inbox, but may not realise that PIF and SCR files are equally capable of containing viruses," said Graham Cluley, senior technology consultant for internet security firm Sophos Anti-Virus.

"Businesses should automatically block all executable code at the email gateway - it's the easiest way to avoid infection by a brand new email-aware worm."

W32/Sobig-C is related to the W32/Sobig-A and W32/Palyh-A worms which infected many systems earlier this year.

Sobig worm spreading fast >>


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy