Sobig the biggest so far

End users may not be noticing its effects yet but the fastest growing worm on the internet to date has been pummelling Xtra's mail servers.

End users may not be noticing its effects yet but the fastest growing worm on the internet to date has been pummelling Xtra's mail servers.

The Sobig F worm is the latest version of the Sobig virus that struck in January. Appearing as an attachment to emails with the subject lines like "Re: Thank you!" "Your details" and "Re: wicked screensaver", the virus will attempt to send copies of itself to anyone in the user's Outlook address book.

The worm has spread so quickly it's been dubbed the fastest spreading worm on the internet today. The virus comes hot on the heels of both the Blaster virus and its nemesis, the Nachi virus and is causing trouble around the world.

Here in New Zealand the country's largest ISP Xtra blocks viruses at the server, so hopefully end users won't be experiencing quite the same level of anxiety as they are overseas.

Spokeswoman Anna Kermode says Xtra has seen a ten-fold increase in the number of viruses it's blocking today.

"And of that increase, 95% is down to Sobig."

Kermode says the traffic to Xtra's mail servers has increased by 10 to 20% overall.

TelstraClear has also noticed an increase in the volume of virus traffic this week.

Spokesman Mathew Bolland says "it's been a shocker all right". TelstraClear will introduce an anti-virus and spam filtering product from September, although in the past it has filtered for specific emails at the server.

Unlike earlier strains of Sobig, the F-strain is more savvy in its efforts to trick users into opening the infected file that launches the worm.

All versions of the original Sobig worm were sent from the same email address,, and a later variant posed as an email message from Microsoft chairman and chief software architect Bill Gates. In contrast, Sobig.F inserts email addresses stolen from the victim's computer into the "From:" field, creating the impression that the email was sent from a trusted source, F-Secure says.

Like earlier Sobig variants, Sobig.F comes with an expiration date. The worm will stop spreading on September 10. Copies of Sobig.F that are launched after that date will shut down immediately, F-Secure says.

In the past, new Sobig strains have appeared soon after previous strains expired.

Antivirus companies recommend that customers update their antivirus software and have posted instructions and free tools for disinfecting machines infected by Sobig.

Paul Roberts of the IDG News Service contributed to this report.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags SoBig

More about BillF-SecureIDGMicrosoftTelstraClearXtra

Show Comments