W32.Sobig.E@mm Worm Spreading Rapidly
mabu writes "Apparently there is another worm spreading online. Symantec has upgraded its severity to 'category 3.' This worm appears to primarily affect Microsoft systems, has an expiration date of July 14th, and searches users' machines for select files containing e-mail addresses that it uses to propagate itself."
I have an "early slashdot worm story alert system" built in to my DSL connection. I found out about this around midnight last night, when my DSL connection proceeded to slow to a crawl, and even Google was returning results with considerable lag.
Anyone else so lucky to have a system such as mine? This works well on the UTA campus network, also. At least, a worm story has been reported w/in 24 hours of every noticeable long slowdown of the net for me...
moox. for a new generation.
Ok, this is a serious question, not an attempt to start a flame war or anything, but why does this always happen to MS systems? I use a Mac and have only had to work with Windows at my college and a few other times here and there. I've NEVER seen a live Mac trojan or worm and have only ever encountered one virus (the 666 one) that wasn't really malicious and only added some extra resources labeled "(Box thingy)666" in an application's resource fork that caused an application to run a little slower. And that was 4 or 5 years ago in OS 7.5 or 8.
Now, I understand the "security through obscurity" theory that basically says Macs have far fewer virus problems than PCs because not nearly as many people use Macs, but that's sort of a dead idea nowadays. While we don't have nearly the numbers of any MS OS, by Apple's numbers, there are 7 million users of OS X, which makes the current number of users in the OS X community about as large as the populations of Hong Kong (7,303,334) or Switzerland (7,301,994), and about 1 million more people than the pop. of Israel (6,029,529). (Go on, check my numbers.) And just for good measure, add to that the fact we now have a more or less Unix-based OS and therefore must have some common ground with numerous other OSes. It's not like we're a tiny little niche to go after, or one that no one knows how to program for. Hell, Apple even gives away developer tools to write out and compile programs. So why don't we ever see any worm, trojan, or virus outbreaks for OS X?
Request: ECM unit, 1000 km fullerene cable, 1 tactical nuclear weapon. Reason: Birthday party for foreign dignitary.
Is this a subtle way of trying to say "Yes it's another fucking Windows virus" without sounding like we're anti-Windows?
The Register is less subtle (almost advertising other platforms):
As usual, the worm affects only Windows PCs. Linux and Mac users are immune.
1) Had an e-mail from a ".mil" domain (forget the actual address)
2) Having recently mailed some questions to some government research agencies, I assumed this was a response to one of them, so, I opened the e-mail (I use Mozilla).
3) No message in the e-mail, just an attachment called "your_application.zip". This was a tad suspicious so I copied the file and scanned it with a corporate edition of Norton Anti-Virus last updated on June 18th.
4) Virus scan came up clean so I opened the file. After seeing that it was only a ".pif" file, I started to get concerned, tried to edit the file by right-clicking and the edit option didn't show. At this point, I'm pretty sure it's a virus.
5) Examined the header information from the e-mail and discovered that it actually originated from another office computer and the "from" address was spoofed. Now, I'm all but certain it's a virus.
6) Went to the Symantec website and, sure enough, the virus information is there along with notification that the patch was only available since June 25th.
7) Downloaded their fix tool and checked all computers in our office for evidence of infection. Was able to clean them all.
So, even though I was relatively careful, I was still able to get infected. Primarily because:
a) The "From" address was an expected source.
b) I do occasionally get legitimate e-mails that are only an attachment with no text.
c) This particular virus was so new that my virus scanner was not sufficiently up to date.
FYI, I guess...
A goal is a dream with a deadline
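
The header and attachment checks from steps 4 and 5 of the comment above, as an added Python example that is not part of the original thread. The message is constructed for the example: the host names, the IP address, the sender address, the inner `.pif` file name and `OFFICE_DOMAIN` are all assumptions.

```python
import io
import ipaddress
import re
import zipfile
from email.message import EmailMessage

RISKY_EXT = (".pif", ".scr", ".exe", ".com", ".bat")  # assumed list of run-on-open types
OFFICE_DOMAIN = "office.example"                      # hypothetical local mail domain

def origin_ip(msg):
    """IP literal in the earliest Received header (the last one listed), or None."""
    m = re.search(r"\[([0-9.]+)\]", (msg.get_all("Received") or [""])[-1])
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:  # malformed literal in an untrusted header
        return None

def risky_zip_members(msg):
    """Names inside .zip attachments that end in an executable-type extension."""
    hits = []
    for part in msg.iter_attachments():
        if not (part.get_filename() or "").lower().endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                hits += [n for n in zf.namelist() if n.lower().endswith(RISKY_EXT)]
        except zipfile.BadZipFile:
            hits.append("<unreadable zip>")
    return hits

def triage(msg):
    """Findings for the two checks described in the comment above."""
    findings = []
    ip = origin_ip(msg)
    domain = str(msg["From"]).rpartition("@")[2].strip("> ").lower()
    if ip is not None and ip.is_private and domain != OFFICE_DOMAIN:
        findings.append(f"From claims {domain} but first hop is internal host {ip}")
    findings += [f"zip contains executable-type file {n}" for n in risky_zip_members(msg)]
    return findings

def build_sample():
    """Constructed message modelled on the comment above; not a real capture."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("your_application.pif", b"inert placeholder bytes")
    msg = EmailMessage()
    msg["Received"] = "from mail.office.example by mx.office.example; 25 Jun 2003"
    msg["Received"] = "from WORKSTATION7 ([192.168.1.23]) by mail.office.example; 25 Jun 2003"
    msg["From"] = "sender@example.mil"
    msg.add_attachment(buf.getvalue(), "application", "zip", filename="your_application.zip")
    return msg
```

Calling `triage(build_sample())` returns both findings without extracting or opening the archive member, and neither check depends on antivirus signatures being current.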