Virus watch: Should we be braced for the return of Sobig?

Is it already a day late?
Written by Will Sturgeon, Contributor

Is it already a day late?

The frequency of previous Sobig variant infections suggests we should be bracing ourselves for the next iteration of the fast-spreading worm any day now. Sobig has caused havoc for computer users over the past few months, but the latest variant died out on 10 September and now it is only a matter of time until the next one strikes, according to leading anti-virus experts. Simon Perry, VP security strategy at Computer Associates, said: "Given the effectiveness of the last version of Sobig, I wouldn't be at all surprised to see a new version come out. As for timing, it is reasonable to assume that we will see one sooner rather than later." Pete Simpson, ThreatLab manager at Clearswift, said: "Sobig was the sixth in a series of controlled experiments by the creator of this worm. We fully expect to see a seventh emerge in the very near future. The intervals between the cessation of the virus spreading and the release of a new version have varied from less than seven to more than 35 days." Given that the last virus self-terminated on 10 September we have already passed the earliest of previous re-occurrences. The motivation behind the Sobig worms also suggests the work of the creator is unlikely to stop now. CA's Perry said: "If it is the case that this was essentially a way to harvest email addresses and then sell them to spam houses, the fact that the IMP addresses it was going to talk to were taken down may add to the monetary motivation to do it again." The Sobig creator represents a new kind of virus writer according to Clearswift. Previously identified were those looking for notoriety and those looking to cause havoc, but now this third breed and the close association with the spam industry represents an individual driven by financial motivation - a more mature, though no less acceptable menace. As ever IT managers are advised to remain alert, check their anti-virus products are up to date and ensure all staff are briefed about the dangers posed by email attachments.
Editorial standards