Next Sobig outbreak 'overdue'

It is only a matter of time till the next version of the Sobig virus starts to spread, say virus experts

The frequency of previous Sobig variant infections suggests we should be bracing ourselves for the next iteration of the fast-spreading worm any day now.

Sobig has caused havoc for computer users over the past few months, but the most recent variant died out on 10 September and it is only a matter of time until the next one strikes, according to leading antivirus experts.

Simon Perry, VP security strategy at Computer Associates, said: "Given the effectiveness of the last version of Sobig, I wouldn't be at all surprised to see a new version come out. As for timing, it is reasonable to assume that we will see one sooner rather than later."

Pete Simpson, ThreatLab manager at Clearswift, said: "Sobig was the sixth in a series of controlled experiments by the creator of this worm. We fully expect to see a seventh emerge in the very near future. The intervals between the cessation of the virus spreading and the release of a new version have varied from less than seven to more than 35 days."

Given that the last virus self-terminated on 10 September, we have already passed the earliest of previous re-occurrences.

The motivation behind the Sobig worms also suggests the work of the creator is unlikely to stop now.

CA's Perry said: "If it is the case that this was essentially a way to harvest email addresses and then sell them to spam houses, the fact that the IMP addresses it was going to talk to were taken down may add to the monetary motivation to do it again."

The Sobig creator represents a new kind of virus writer according to Clearswift.

Previously identified were those looking for notoriety and those looking to cause havoc, but now this third breed and the close association with the spam industry represents an individual driven by financial motivation -- a more mature, though no less acceptable menace.

As ever, IT managers are advised to remain alert, check their antivirus products are up to date and ensure all staff are briefed about the dangers posed by email attachments.