SARTRE WAS RIGHT

New strain, old refrain: The SoBig virus is not new, and the current version may be the precursor to something far more destructive. Jack Schofield explains how to protect yourself (The Guardian, August 21, 2003)

The problem with SoBig is that it does not exploit a flaw in Microsoft Windows. If it did, we could patch the flaw and stop it. Instead it exploits flaws in human nature and the internet's email system. SoBig only works in Windows, but there's no reason why it couldn't be adapted to any other system.

SoBig is a mass-mailing worm program. It arrives as an email attachment called thank_you.pif, wicked_scr.scr, or something similar. If you run the attachment by double-clicking it, the virus installs itself, searches a range of files for email addresses, starts its own email server, and then sends out lots of copies of itself.

It looks as though the virus writer started the current attack by spamming a large number of addresses. From there, the spread of SoBig depends on people being gullible enough to open an unsolicited attachment. There is apparently no shortage of gullible people. [...]

You can find out if your PC is infected with SoBig.F by searching for afile called winppr32.exe. While you are at it, search for the
previous version, winssk32.exe, too. You can remove it by running a free program such as McAfee's Stinger or Norman's SoBigFix or by updating and running your usual anti-virus software.

Better still, delete SoBig email on the server, without even downloading it to your inbox. Mailwasher is a free Windows program that makes this simple. It is particularly suitable for people who collect their email in batches.

Hell is other people... Posted by Orrin Judd at August 21, 2003 8:18 PM