Sobig gains momentum

Antivirus experts are cautioning against a new mass e-mailing worm that is spreading fast around the globe.

Identified Friday, the W32/Sobig virus was recently upgraded from low to medium risk by Network Associates – the makers of McAfee security products – due to an increase in prevalence over the past 36 hours.

According to an advisory from the company, the virus arrives in e-mail format from While Network Associates warns of the potential changes to the subject line, the majority of messages read “Re: Movies,” “Re: Sample,” “Re: Document,” and “Re: Here is that sample.”

The attachment presents itself as a PIF (process interchange format) file and uses one of the following filenames: Movie_0074.mpeg.pif; Document003.pif; Untitled1.pif; and Sample.pif.

According to Symantec Corp., makers of Norton Antivirus software, to combat the Sobig worm, PC users should abide by some simple rules:

– Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have fewer avenues of attack and you have fewer services to maintain through patch updates.

– Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.

– Configure your e-mail server to block or remove e-mail that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.

– Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
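
The attachment-blocking rule above can be illustrated with a short Python filter. This is an added example, not code from the article, Symantec or Network Associates. It decides on the final extension, so a name such as Movie_0074.mpeg.pif is caught. The helper names, addresses and sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the advice above.
BLOCKED_EXTENSIONS = {".vbs", ".bat", ".exe", ".pif", ".scr"}


def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return the filenames of all parts whose final extension is blocked."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also visits nested multipart parts
        filename = part.get_filename()  # decodes RFC 2231 / quoted names
        if not filename:
            continue
        # Windows ignores trailing dots and spaces, and extensions are
        # case-insensitive, so normalise before comparing.
        name = filename.strip().rstrip(". ").lower()
        dot = name.rfind(".")
        # Only the LAST extension decides how Windows opens the file,
        # so "Movie_0074.mpeg.pif" is a .pif, not an .mpeg.
        if dot != -1 and name[dot:] in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits


def build_sample(filename: str) -> bytes:
    """Constructed test message (hypothetical addresses, placeholder body)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Re: Movies"
    msg.set_content("See attached.")
    msg.add_attachment(b"constructed placeholder bytes",
                       maintype="application", subtype="octet-stream",
                       filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in ("Movie_0074.mpeg.pif", "Sample.PIF", "report.pdf"):
        hits = blocked_attachments(build_sample(name))
        print(name, "->", "quarantine" if hits else "deliver")
```
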

For more information or for removal tactics visit, or