San Francisco, June 27: A new variant of a computer virus spreading around the Internet on Thursday spoofs the e-mail address of the sender, making it difficult to determine the source of infection, anti-virus experts said.
Computer security companies were rating the virus, dubbed "Sobig.e," as a medium risk for both corporate and consumer users.

Although the worm, which is a self-propagating virus, does not do much harm to infected machines, the fact that it masquerades as legitimate e-mail from known e-mail accounts randomly picked from infected computers makes it hard to detect, anti-virus experts said.

The worm, which can affect any kind of e-mail program, infects an individual computer when users open an attachment in the form of a .ZIP-type compression file, said Craig Schmugar, virus research engineer at Network Associates.

The malicious program then mails itself to recipients extracted from the victim's e-mail address book and can also spread over shared networks, experts said.

Like earlier Sobig viruses, this version grabs e-mail addresses on infected computers, randomly picking some names to send itself to and other names to display as the sender.

"Spoofing (the sender address) can make the viruses last a little longer because in a non-spoofing e-mail you can hit "reply" to that message" and alert the sender that they are infected, Schmugar said.

Subject lines include "Re: Application," "Re: Movie," or any of 16 other simple phrases, according to Symantec Corp.

The new variant was detected on Wednesday but was picking up steam on Thursday.

The origin of the virus and how many computers it had infected were not immediately known.

Symantec received nearly 1,000 submissions of copies of the virus in one day, said Vincent Weafer, director of the Security Research Center at Symantec.

That compares to a few hundred for a typical big virus, he said. Home users seem to be particularly affected, he said.

"It is interacting with spam and getting re-sent around," he said. "Or it is tied on to large mailing lists."

Last year's infamous "Klez" worm also spoofed the e-mail address of the sender, Schmugar said.

"Klez was probably one of the first where a number of companies made public statements" after they were falsely accused by others of spreading the virus, he said.
Bureau Report