Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Sobig.G is coming after your money!

12 September 2003, 14:03

<p>Clearswift warns of new threat in Sobig worm project</p>
<p>Sydney, 12 September 2003: Sobig.G is about to hit PCs around the world, but it can be stopped, according to Clearswift, the leading provider of software for managing and securing electronic communications.</p>
<p>According to Chy Chuawiwat, managing director of Clearswift Asia Pacific, the authors of Sobig are capturing banking and credit card information by combining stealth with social engineering.</p>
<p>“Through a series of controlled experiments from Sobig.A to Sobig.F, the authors are learning how to improve their programming and the appeal of their emails. If they follow their typical mode of operation, Sobig.G can be expected in a week or so. But they can be stopped,” said Chuawiwat.</p>
<p>Before Sobig.A in January 2003, virus writers could be categorised into two simple camps: those seeking infamy by spreading their work as far as possible, and those motivated by the intellectual challenge, who would send a copy to anti-virus companies to prove their technical prowess.</p>
<p>The Sobig series falls into neither of these categories. It is a controlled project, driven by a new set of objectives.</p>
<p>“We are seeing a new evolutionary stage with the coming together of the skills of the virus writer, the hacker, the spammer and the fraudster. The financial stakes are potentially huge,” said Chuawiwat.</p>
<p>With the exception of the first version, all Sobig worms have operated in a very similar fashion, revealing a deliberate plan. Each version had a pre-programmed lifetime of between eight and 22 days, after which it stopped replicating. Typically the next version followed within days of its predecessor's expiry, but the interval could stretch to over a month, and in one instance (the E variant) the new version appeared a week before its predecessor's self-termination date.</p>
<p>Three Stage Infiltration
Spreading each Sobig worm is only the first part of a three-stage exercise. When a user opens the email attachment, Sobig infects the PC and then waits for instructions to appear on one or more remote sites. This stage went unnoticed by most of the antivirus community until the workings of the F version were reverse-engineered.</p>
<p>When instructions become available, Sobig downloads a backdoor trojan called Lala from yet another web site. Lala deletes the Sobig worm to cover its tracks and monitors the PC for signs of online financial transactions such as banking, credit card entry, eBay and PayPal sessions. Lala captures user details and passwords and transmits them, encrypted, to the worm's authors.</p>
<p>The Lala backdoor then takes the infiltration to its third and final stage. It downloads and installs, from another web site, a copy of WinGate, a proxy server. Once the infected PC is running an open proxy, anyone who knows its address can relay web and email traffic through it, and that traffic appears to originate from the victim's machine rather than from whoever actually sent it.</p>
<p>Massive amounts of spam have originated from PCs infiltrated with Lala and then WinGate following a Sobig infection, and successive versions of the Sobig worm have themselves been seeded by spamming from previously infected PCs.</p>
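<p>The relaying described above leaves a trace that a network team can look for: a desktop that should only ever talk to the organisation's own mail server starts opening outbound SMTP connections to many unrelated hosts. The script below is an added example, not Clearswift's or the original release's code, that scans a constructed firewall log for that pattern. The log format, the internal mail server address, the five-minute window and the threshold of five distinct servers are all assumptions made for the example.</p>

```python
"""Spot desktops that have turned into spam relays from outbound firewall logs.

Example code added for this page (not Clearswift's). Assumptions: log lines are
'<ISO time> <src ip> <dst ip> <dst port> <action>', the organisation's own MTA
is 10.1.1.5, and a host that reaches five or more distinct external SMTP
servers inside five minutes is reported. Denied connections count too: a
blocked relay attempt is still evidence that the host is infected.
"""
from collections import defaultdict
from datetime import datetime, timedelta

INTERNAL_MAIL_SERVERS = {"10.1.1.5"}          # assumption: the site's own MTA
WINDOW = timedelta(minutes=5)                 # assumption: sliding window size
DISTINCT_SERVER_THRESHOLD = 5                 # assumption: relays exceed this easily

# Constructed sample log, not a real capture. 10.1.1.20 is the relay; 10.1.1.21
# only sends through the internal MTA; 10.1.1.23 makes two spaced-out attempts.
SAMPLE_LOG = """\
2003-09-12T09:00:01 10.1.1.20 10.1.1.5 25 ALLOW
2003-09-12T09:00:02 10.1.1.21 10.1.1.5 25 ALLOW
2003-09-12T09:00:05 10.1.1.20 203.0.113.7 25 ALLOW
2003-09-12T09:00:06 10.1.1.20 198.51.100.9 25 ALLOW
2003-09-12T09:00:07 10.1.1.20 198.51.100.10 25 ALLOW
2003-09-12T09:00:08 10.1.1.20 203.0.113.44 25 ALLOW
2003-09-12T09:00:09 10.1.1.20 192.0.2.15 25 ALLOW
2003-09-12T09:00:10 10.1.1.20 192.0.2.16 25 ALLOW
2003-09-12T09:00:11 10.1.1.21 203.0.113.80 80 ALLOW
2003-09-12T09:00:12 10.1.1.22 203.0.113.90 443 ALLOW
2003-09-12T09:30:00 10.1.1.23 192.0.2.30 25 DENY
2003-09-12T09:45:00 10.1.1.23 192.0.2.31 25 DENY
"""


def parse(log_text):
    """Yield (time, src, dst, dport, action); skip blank or malformed lines."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        ts, src, dst, dport, action = fields
        try:
            yield datetime.fromisoformat(ts), src, dst, int(dport), action
        except ValueError:
            continue


def find_spam_relays(log_text, window=WINDOW, threshold=DISTINCT_SERVER_THRESHOLD):
    """Return {src_ip: peak number of distinct external SMTP peers in one window}
    for every source that reached `threshold` or more peers within `window`."""
    smtp_events = defaultdict(list)
    for ts, src, dst, dport, _action in parse(log_text):
        if dport == 25 and dst not in INTERNAL_MAIL_SERVERS:
            smtp_events[src].append((ts, dst))

    flagged = {}
    for src, events in smtp_events.items():
        events.sort()
        lo = 0
        for hi in range(len(events)):
            # Advance the window's left edge until it spans at most `window`.
            while events[hi][0] - events[lo][0] > window:
                lo += 1
            peers = {dst for _, dst in events[lo:hi + 1]}
            if len(peers) >= threshold:
                flagged[src] = max(len(peers), flagged.get(src, 0))
    return flagged


if __name__ == "__main__":
    for host, peers in find_spam_relays(SAMPLE_LOG).items():
        print(f"{host}: {peers} distinct external SMTP servers inside one window")
```

<p>Against the constructed log only 10.1.1.20 is reported. The same check works on real logs once the parser is adapted to the firewall's format; the threshold is worth tuning per site, and an allow-list of legitimate outbound mail sources keeps the organisation's own relays out of the results.</p>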
<p>Chuawiwat believes Sobig.G will probably be more effective than any previous variant, as the author continues to learn from previous efforts.</p>
<p>“However, the widespread publicity attracted by the F variant should make people more careful about opening attachments, as this worm cannot spread without the interaction of end users.</p>
<p>“Forewarning and awareness of the risks may help users think twice before clicking on Sobig.G, which we can expect some time soon after termination of F, on 10 September 2003,” he said.</p>
<p>What to do
Update anti-virus signatures. Do not open unexpected attachments, and do not rely on the sender address: Sobig forges the From: line using addresses harvested from infected PCs, so a message that appears to come from a known contact is no safer than one from a stranger. The most common subject lines and attachment names for Sobig email contain Movie, Application, Approved and Screensaver, and the attachment is a Windows executable (Sobig variants have used .pif and .scr files).</p>
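<p>A mail-gateway filter that applies this advice, added here as an example (it is not Clearswift's code, and the messages it checks are constructed for the example): it parses each message, looks for an attachment whose extension Windows would execute, and escalates to a block when the subject also matches one of the lure words listed above. The extension list is an assumption rather than something taken from the page, which names no extensions; the verdict names and the sample addresses are likewise invented for the example.</p>

```python
"""Gateway-side triage for Sobig-style lures, following the "What to do" advice.

Example code added for this page (not Clearswift's). Verdicts: "block" when a
Windows-executable attachment arrives under one of the lure subjects the
release lists, "quarantine" for any other executable attachment, "pass"
otherwise. The decision is made on the attachment filename, not the declared
Content-Type, because the sender controls both and only the filename decides
what Windows does on double-click.
"""
import email
import re
from email import policy

LURE_WORDS = ("movie", "application", "approved", "screensaver")   # from the release
EXECUTABLE_EXTS = (".pif", ".scr", ".exe", ".com", ".bat", ".cmd")  # assumption
_REPLY_PREFIX = re.compile(r"^(?:(?:re|fwd?)\s*:\s*)+", re.I)


def subject_is_lure(subject):
    """True if the subject, minus any leading Re:/Fw:/Fwd: prefixes, contains a lure word."""
    cleaned = _REPLY_PREFIX.sub("", (subject or "").strip()).lower()
    return any(word in cleaned for word in LURE_WORDS)


def executable_attachments(msg):
    """Filenames of MIME parts whose extension Windows would execute."""
    found = []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(EXECUTABLE_EXTS):
            found.append(name)
    return found


def classify(raw):
    """Return (verdict, [executable attachment names]) for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    execs = executable_attachments(msg)
    if execs and subject_is_lure(msg["Subject"]):
        return "block", execs
    if execs:
        # Executable attachment under a subject not yet on the lure list: hold it,
        # since the next variant will use subject lines nobody has seen yet.
        return "quarantine", execs
    return "pass", execs


def _mime(subject, filename=None, content_type="application/octet-stream"):
    """Build a constructed test message (not a real capture)."""
    head = (
        "From: colleague@example.com\r\nTo: user@example.net\r\n"
        f"Subject: {subject}\r\nMIME-Version: 1.0\r\n"
    )
    if filename is None:
        return (head + "Content-Type: text/plain\r\n\r\nHello\r\n").encode()
    body = (
        head + 'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
        "--b1\r\nContent-Type: text/plain\r\n\r\nSee the attached file for details\r\n"
        f'--b1\r\nContent-Type: {content_type}; name="{filename}"\r\n'
        f'Content-Disposition: attachment; filename="{filename}"\r\n'
        "Content-Transfer-Encoding: base64\r\n\r\nTVqQAAMAAAAEAAAA\r\n--b1--\r\n"
    )
    return body.encode()


# Constructed samples: a lure with a .pif, an executable under a new subject, a
# .scr mislabelled as an image, a harmless PDF under a lure subject, plain text.
SAMPLES = {
    "lure_with_pif": _mime("Re: That movie", "movie0045.pif"),
    "exe_unlisted_subject": _mime("Your invoice", "invoice.exe"),
    "scr_disguised_as_image": _mime("Re: Wicked screensaver", "wicked_scr.scr", "image/jpeg"),
    "clean_pdf": _mime("Re: Approved", "contract.pdf", "application/pdf"),
    "plain_text": _mime("Re: Your application"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        verdict, names = classify(raw)
        print(f"{label:24} -> {verdict:10} {names}")
```

<p>Run stand-alone, the script blocks the two executable lures (including the one whose Content-Type claims to be a JPEG), quarantines the .exe under an unlisted subject, and passes the PDF and the plain-text message even though their subjects contain lure words. Matching subjects alone would generate false positives on ordinary replies, which is why the attachment is the primary signal.</p>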
<p>For up-to-date analysis of Sobig visit Clearswift’s ThreatLab:
http://www.clearswift.com/support/threatlab/default.asp</p>
<p>For explanation of the motives and modus operandi of the Sobig Project see:
The Sobig Project
http://www.clearswift.com/support/threatlab/resources/The%20Sobig%20Projec%20Front%20page.pdf</p>
<p>- ends -
About Clearswift:
Clearswift is the world's leading provider of software for managing and securing electronic communications. Clearswift delivers the capabilities for organisations to protect themselves against email and web-based threats, meet legal and regulatory requirements, implement productivity-saving policies and manage intellectual property passing through their network.</p>
<p>The company's expertise lies in establishing and enforcing e-policies. Content security threats include the circulation of inappropriate images and text, Spam and oversize files, loss and corruption of data, breaches of confidentiality, as well as viruses and malicious code. More information about Clearswift, its products and services is available at www.clearswift.com</p>
<p>For further information, please contact:</p>
<p>Monica Vardabasso, Primary Communication
Tel: 61 2 9212 3888, 0414 472 012
Email: mvardabasso@primary-pr.com</p>
<p>Chy Chuawiwat, Clearswift Asia Pacific
Tel: 61 2 9424 1220, 0405 181 600
Email: Chy.Chuawiwat@clearswift.com.au</p>
