certified psycho
08-22-03, 01:41 PM
The SoBig.F e-mail virus that clogged inboxes this week with returned-mail messages may be planning to download software onto infected machines Friday afternoon.
The downloads are expected to start at 3 p.m. Eastern Friday. An expert at antivirus company F-Secure said it's not known what the function of the software would be; he said it could be anything from playing a game to destroying files or stealing passwords.
The download attempt is expected to run every Friday and Sunday.
The Los Angeles Times reported that SoBig.F is one of the first viruses to open a "back door" in infected systems that allows unauthorized connections.
F-Secure said in a press release that the possibly malicious program will try to get infected machines to connect to an encrypted list of computers hidden in the virus body. The list contains the addresses of 20 computers located in the United States, Canada and South Korea.
One of the company's directors, Mikko Hypponen, said the systems appear to be home computers with always-on connections.
Computers that connect to the 20 machines will apparently be given a Web address from which they will download and run another program -- the one that could cause damage.
So far, SoBig.F hasn't been able to cause any direct damage to an infected machine; however, it can damage e-mail systems by sending out a high volume of mail to e-mail contacts. The worm takes an address from an infected computer's address book and uses that as the "from" line in dozens or hundreds of e-mails it sends out, making them appear more like legitimate mail.
That flood of "spoofed" e-mail results in returned-mail and "virus found" messages for users who don't have the virus.
If your e-mail program allows you to, you can deflect some of those messages by setting rules or filters for your inbox, funneling messages to your deleted items folder.
In popular e-mail clients such as Microsoft Outlook and Outlook Express, go to the Tools menu to set up the rules. In Outlook, look for the "Rules Wizard." In Express, look for "Message rules." You can elect to have messages with troublesome subject lines -- such as "Thank You!" "Your details," "Details," "Wicked screensaver" -- automatically deleted, or you can create a special folder the program diverts the mail to. That way, you can review the messages to make sure nothing legitimate is deleted.
Corporate antivirus company Postini -- which says it has processed 101 million email messages in the last 24 hours -- found that one in 19 messages was infected with a virus.
The worm is set to expire Sept. 10, but don't wait until then to delete it. Symantec has a program that you can download to remove SoBig, which lists itself on a computer as winppr32.exe.
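The subject-line rule described in the post, written as a script (an added example, not part of the original post or the quoted article). It diverts matches to a review folder instead of deleting them, as the article suggests; the folder name `SoBig-review`, the reply/forward prefix handling and the sample messages are assumptions made for illustration.

```python
import email
import re
from email import policy

# Subject lines named in the article, compared case-insensitively.
SUSPECT_SUBJECTS = {"thank you!", "your details", "details", "wicked screensaver"}

# Assumption: "Re:" / "Fw:" / "Fwd:" prefixes should not defeat the rule.
_PREFIX = re.compile(r"^\s*((re|fw|fwd)\s*:\s*)+", re.IGNORECASE)

REVIEW_FOLDER = "SoBig-review"  # hypothetical folder name


def normalized_subject(raw_message):
    """Return the decoded subject without reply prefixes, lower-cased."""
    # policy.default decodes RFC 2047 encoded words in headers for us.
    msg = email.message_from_string(raw_message, policy=policy.default)
    subject = str(msg["Subject"] or "")
    subject = _PREFIX.sub("", subject)
    return " ".join(subject.split()).casefold()


def route(raw_message):
    """Pick a folder: exact subject match goes to review, the rest stays."""
    # Exact match, not substring: "Project details for Monday" must not
    # be diverted just because it contains the word "details".
    if normalized_subject(raw_message) in SUSPECT_SUBJECTS:
        return REVIEW_FOLDER
    return "Inbox"


def sort_mail(raw_messages):
    """Group raw messages by the folder the rule assigns them to."""
    folders = {"Inbox": [], REVIEW_FOLDER: []}
    for raw in raw_messages:
        folders[route(raw)].append(raw)
    return folders


# Constructed sample messages (headers only matter here).
SAMPLES = [
    "From: a@example.com\nSubject: Re: Details\n\nSee the attached file.\n",
    "From: b@example.com\nSubject: RE: FW: Your Details\n\nPlease see.\n",
    "From: c@example.com\nSubject: =?utf-8?q?Wicked_screensaver?=\n\nLook.\n",
    "From: d@example.com\nSubject: Project details for Monday\n\nAgenda.\n",
]

if __name__ == "__main__":
    for folder, messages in sort_mail(SAMPLES).items():
        print(folder, len(messages))
```
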