New email worm/virus (

Okay kids, there’s a relatively new worm floating around and I’ve seen at least three people get it in the last 24 hour period, so heads up.

(I did a search and Tuckerfan started a thread about it when it showed up in his in-box, but that was a coupla months ago, when it was only two days old, and I don’t think many people got to see it. Since it seems to be gathering momentum, I thought it warranted a new thread, and one with “” in the thread title.)

It’s called “sobig” and it’s a pretty standard worm with a trojan spoojed onto it.

Here is Symantic’s description.

The email message has the following characteristics:
Subject: The subject will be one of these:[ul][li]Re: Movies[]Re: Sample[]Re: Document[]Re: Here is that sample[/ul][/li]
Attachment: The attachment will be one of these:[ul][li]Movie_0074.mpeg.pif[
Before W32.Sobig.A@mm sends the messages, it sends a message to an address at
The worm also attempts to copy itself to the following folders on all the open network shares:[ul][li]\Windows\All Users\Start Menu\Programs\StartUpDocuments and Settings\All Users\Start Menu\Programs\Startup[/ul]Note: Symantec Security Response has received reports of W32.Sobig.A@mm downloading and installing the Backdoor Trojan, Backdoor.Lala.[/li][/quote]
In case you have opened the attachment, Symantec has provided a
free removal tool to clean your computer.

It practically goes without saying that only folks using any of the various flavours of Windows need be concerned about this-- Mac & Linux users can continue to feel smug and secure. Oh, and I guess Windows users who don’t open e-mail attachments from strangers based on the vague hope that they might contain p.orn are okay, too.

Am I the only one who is dissapointed at these modern ‘virii’? I mean, really - they suck! I doubt the people who ‘write’ these things even know what “40 hex” is. Pathetic, I tell you, just pathetic. Back in the good ol’ days it was almost exciting to get a virus infection, nowadays it’s just stupid. I mean, come on, emailing somebody a pif file? How lame.

Is 40 hex a

I’m with you there. It’s one tiny step away from using a .vir extension. “Oh, look, it’s a virus!”

We just have to convince our friends in Redmond to work it into future versions of their fine OS’s. “This is a virus extension. You need to make Windows hide it by default but treat the file as an executable.” Why not?

This is me, feeling smug and secure on my OS X machine. :slight_smile: And yeah, I’ve noticed a LOT of these “bigboss” emails coming in. Didn’t think much of them, other than they are an irritant.

However, I do have a PC running Windows XP, and occasionally I pick email up on it. (I keep my Mac as my primary email machine to avoid viruses.) I have Norton Virus on the PC, and it has picked up several viruses already.

They got Caught@Work !

I mean, Caught@Work got it, not some nebulous group of people were caught. At work.

Nah - it would automatically default to opening in Microsoft Virus Runner which they’d (illegally) batch with XP.

The worst part is that it would be a hastily thrown together sub-standard program and you’d have to hunt for bloody hours to change the preferences if you wanted .virs to open in anything else.

I guess maybe he DID know :slight_smile:

I suspect that the rest of the post would have looked something like this had he been allowed to finish:

Is 40 hex a great black beast of AAAAaaaaaggghhhh… (didn’t Joseph of Aramathea know what 40hex was?)

But I guess he didn’t feel like typing out “AAAAaaaaaggghhhh…”

I’d nominate myself for the most times I’ve inserted a random python reference into a completely unrelated thread in the past week, except I think I’d lose big-time in this crowd :slight_smile:

But getting [somewhat] back on topic,
But I think the .vir extension is a good idea. I think if anything else it would cut down on the amount of “VIRUS WARNING!” emails that get sent out, since you could just right-click the file and see that it’s a “Virus File”.

I also think outlook should be renamed to “Microsoft Field Incubation Lab for Virii and Worms” or… umm… MFILVW for short. That wasn’t funny at all. If I think of a more clever acronym, I’ll come back (when come back bring virii?). ARGH that was terrible, what is with me today, I think I need more coffee. I’m sorry for wasting bandwidth.

I can just imagine the pop-up helpful paperclip:

You have just downloaded a virus! Would you like to:

  1. Infect your own computer

  2. Infect your friends’ computers

  3. Look for similar viruses on MSN