Update: A Sobig Primer

By | August 27, 2003
 From the Annoying And Pointless Email Notification Dept comes this: an automated alert from a website that doesn’t quite get it. As you know, the Sobig virus/worm spreads like crazy because it raids people’s address books and then fires off copies of itself to emails it finds there. But to confuse people into thinking the email is legitimate it uses those email addresses so that emails containing the worm appear to be from those people. So if you get infected and your Outlook address book contains the email addresses of Tom, Dick and Harry, those three guys will receive infected emails from you, but they’re also likely to receive infected emails that appear to be from each other — Tom from Dick, Dick from Harry, etc. It’s called email spoofing. With me so far?
 
What it doesn’t mean (and this is where webmasters need to wise up) is that Tom, Dick or Harry are actually infected. They don’t need to have actually opened the infected email (and therefore allow Sobig into their machine) for infected emails to start appearing in their name. So, if you find you’re getting weird bounced emails that appear to indicate you’ve been sending out copies of the Sobig worm (‘The following message was undeliverable’ or somesuch), you may not have been. It may have come from someone who’s got your email address in their contact book. The problem is, of course, that you can’t always tell who, because the email you receive may have been spoofed a dozen times before it got back to you.
 
All this is an inevitable side-effect of a fast propagating worm. Not much you can do about it. What frosts my shorts up is receiving automated emails such as the following:
 
################# VIRUS NOTIFICATION #################
 
A message you sent to
 
[email address of someone I’ve never heard of]
 
contains a virus or a worm, and was NOT delivered.
 

DATE:  Tue, 26 Aug 2003 11:22:45 –0400
SUBJECT: Re: Your application
VIRUS:  W32/Sobig-F
 
It is possible your computer is infected without your knowledge.
Please download a current virus scanner and check your computer.
 
Thank you.
 
######################################################
 
This kind of email is, I’m afraid to say, just dumb. It’s incorrect, it merely confuses people AND it adds to the circulating junk that Sobig has alrady created. Please, please, please, webmasters and anti-virus makers: don’t include this kind of feature in your products or activate them. It’s a waste of time and merely exposes how little you know about the nature of the problem.
 
And for the rest of you, don’t freak out if you get an email like this. For sure, check your anti-virus software is up-to-date and regularly checking your PC. But don’t automatically assume you’re infected, just because some fool says you are.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.