SoBig virus variant rapidly inflecting Windows machines; Macintosh unaffected

“Welcome to the summer of the worm,” writes Dennis Fisher for eWeek. “Hard on the heels of the Blaster worm outbreak, yet another version of the resilient and ever-popular SoBig virus began spreading rapidly on the Internet Tuesday morning. Known as SoBig.F, the new variant behaves much like its older siblings, infecting Windows machines via e-mail and sending out dozens of copies of itself.”

Fisher reports, “The variant began spreading early Tuesday Eastern time, and by 9 a.m. Tuesday, MessageLabs Inc. had stopped more than 10,000 copies. The virus size is approximately 73 KB, and the attachment that actually contains the malicious code can carry any one of a number of names, according to iDefense Inc., a security company based in Reston, Va… SoBig.F installs a copy of itself in the Windows registry, in a file named ‘winppr32.exe.'”

Full article here.

36 Comments

  1. More recent Outlook viruses *do* affect Mac users. With most viruses spoofing the sender’s address now, it means you may get lots of email from irrate people who think *you* gave them a virus. This guy is from MacNetJournal is currently snowed under with messages:
    http://boingboing.net/#200444022

    My wife got a bunch of virus-related messages on her Mac last week; she was annoyed. I told her she didn’t have to write back to everyone explaining she coulnd’t get it or spread it; she could delete the messages and forget about it instead. It’s not her problem…

    With these new worms, poor Windows users can’t even tell who’s got it anymore. My boss got a bunch of them on his PC a few weeks ago. He couldn’t tell if he even had the virus or not but had to deal with it somehow, so he decided to buy a Mac instead.

  2. affecting the user yes, affecting the computer operations *not*. Macs are – to my last checking it – capable of be online. Hnece they WILL receive as many virii and macros as a straw-man PC.

    The PC gets affected, the Mac not. We are talking about disruptive actions from the worm/virus that will bring your computer to its knees.
    Does happen on PCs, does not on Macs.

    Macs can be asymptomatic hosts of Micros**t virii/worm. They do not harm your system but may destroy the next PC you happen to infect.

    So to eliminate any confusions there migh be on all these thread: you can get them – you are online are you? – and you may infect other PC.
    They cannot harm your system but you may transmit them.

  3. And by the way: using Outlook is like being naked on a secluded beach with a bunch of horny ex-cons just out of jail and be surprised you get bang-raped.

    Trash the Outlook crap already.
    Even corporate IT now realize Outlook should be banned from use.

  4. You COULD get the email and send it on to a PC who would get infected… but why would you send the virus email to them anyway? Other viruses/worms, that don’t arrive as emails, could not get on your Mac at all.

  5. Indeed: the focus was on having Outlook virii (which are actually Outlook macros) but the attachment can contain an exe as well which would be a real virus.

    On a Mac you may not realize that the attachment contains a macro and pass it on. There has been – for example – macro spreading through email containing – low and behold – a virus alert. The naive user would the pass it on to all his friends even thinking s/he was doing the right thing. The attachment does not work (does not even start or open) on the Mac but the naive user believe it is integral part of the warning.

    I once taught computing and informatics to an adult school. You would not believe what people believe computers are and what could do ” width=”19″ height=”19″ alt=”wink” style=”border:0;” />

  6. To close with a detail on MSBlaster. This virus is exploiting a flaw in the buffer overrun of Microsoft’s Remote Procedure Call implementation, MSBlaster opens a comms port (#135) and sucks in its own code, turning the attacked machine into another attacker, and so it proliferates. Macs do not get the virus and do not pass it on.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.