New variant of worm Zipping around the Net

Antivirus experts have upped the level of security threat posed by a new variant of the Sobig virus following a sharp increase in the spreading of the worm.

Sobig-E differs from most viruses in the sense that it travels through the email system in a Zip file attachment, a type of file that most companies' systems allow in, as it is commonly used in business.

However, because the virus is only activated by opening the Zip file and double-clicking the file inside it, rather than simply opening the email itself, it ought to be fairly straightforward to delete before it does damage, even if it reaches your inbox.

The message that comes with the email, known in the industry as the "social engineering," is pretty vague and should alert the user that this is not a file they should be opening. The virus has commonly come with a message such as "re:application," "re:documents," or "re:movie," in contrast to the Anna Kournikova virus, which caused widespread damage thanks in no small part to bored guys in offices hoping to brighten their otherwise dull day with a few pics of the glamorous tennis star.

"People have to go the extra step, and it's that pause while they are unzipping the file when they should think 'Is this the smart thing to do?'," says Russ Cooper of security services provider TruSecure.

In certain instances, though, the virus has been known to spoof known email addresses before sending itself via an internal SMTP engine, which has the potential to entice users to open the rogue file.

This has prompted antivirus vendor Network Associates to up its risk alert to medium, with Symantec also upping its categorisation of Sobig-E from a level two to a level three risk.

The fact that most systems will let the virus through because it is contained within a Zip file may result in a spate of new viruses using the same method to get through defences, as virus and worm authors exploit Zip files as a means of attack. The lesson to take from this is not to rely on antivirus products to detect all viruses.
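A mail filter that passes Zip attachments untouched can still look at what the archive contains. The Python below is an added example, not code from the article or from any vendor it mentions; the extension list, the addresses and the file names are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumed block list of Windows-executable extensions; adjust for your site.
RISKY_EXTENSIONS = (".exe", ".pif", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js")


def risky_zip_members(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (attachment, member) pairs for executable files inside Zip attachments."""
    findings = []
    msg = message_from_bytes(raw_message)
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        # Trust the content, not the declared file name or MIME type.
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        name = part.get_filename() or "<unnamed>"
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                for info in archive.infolist():
                    if info.filename.lower().endswith(RISKY_EXTENSIONS):
                        findings.append((name, info.filename))
        except zipfile.BadZipFile:
            # Unreadable archive: report it rather than letting it pass silently.
            findings.append((name, "<unreadable archive>"))
    return findings


def build_sample(member_name: str) -> bytes:
    """Constructed test message: one Zip attachment holding a single dummy file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, b"placeholder bytes, not a real program")
    msg = EmailMessage()
    msg["To"] = "user@example.com"
    msg["Subject"] = "Re: Documents"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="documents.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(risky_zip_members(build_sample("document.pif")))  # flagged
    print(risky_zip_members(build_sample("report.txt")))    # clean
```

Matching on member names catches only the plain case described here, an executable sitting directly inside the Zip. Nested archives and files with misleading names need content inspection, which this example does not attempt.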
