SoBig Email Worm Virus

Dennis Faas's picture

Candice W. writes:

"Dear Dennis,

I was hoping that maybe you could help me: I found your website through a search. Lately, I've been getting a bunch of returned emails from people I don't even know, and most of these emails contain viruses ... I have written to Hotmail's tech support, but all I get is automated responses telling me that it doesn't pertain to my Hotmail account. But, I beg to differ because it is my account, and it's a huge problem! Can you tell me what I can do to get this to stop?"

My Response:

The problem Candice is experiencing is due to a virus called SoBig, which is currently running rampant on the Internet. In short, the SoBig worm arrives via email as an attachment; once the attachment has been executed, the worm attempts to propagate itself by mass-mailing the contacts it has collected from the host computer.

http://www.sophos.com/virusinfo/analyses/w32sobiga.html

After regaining access to the Internet this Saturday, I was unpleasantly surprised to find well over 2,000 SoBig virus-infected emails waiting to be downloaded to my Inbox. The picture below is a snap taken from MailWasher Pro (a program I use to manage viruses and Spam), and shows just how quickly SoBig was able to propagate to my email address. Note the date stamp of each letter.

Yikes!

Removal / Coping with SoBig

If your system is infected with SoBig, you can download a free virus scanner (link below) and remove it from your system. A good firewall (such as ZoneAlarm; link below) will also alert you to any programs that try to access the Internet without your permission.

http://www.infopackets.com/hacking+hackers+hack.htm

Unfortunately, removal of the worm will not stop it from propagating to your email address because it is very likely that your email address is present on someone else's system, and the worm is likely to spread again and again.

What to do?

There really isn't any way to stop the worm "dead in its tracks" per se, and Internet Service Provider (ISP) Mail Filters certainly won't stop all virus-related incidents from slipping through -- especially in Candice's situation. There is, however, software such as MailWasher Pro* (as seen in the picture above) which can certainly help anyone to cope with email annoyances, especially the SoBig worm.

Side note: MailWasher Pro is software which retrieves information about email messages from your mail server (before they are downloaded to your computer). Using Heuristics, BlackLists, WhiteLists, and access to live Spam DataBases, MailWasher Pro is able to accurately identify and remove email messages which are likely to be unsolicited (Spam) or to contain a virus.

In the case of the SoBig Worm, I was able to configure MailWasher Pro to detect and accurately mark nearly 100% of all SoBig virus-related emails and remove them before they had a chance to download to my system.
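To illustrate the kind of server-side filtering described in the side note, here is an added example (not MailWasher Pro's code and not the rules from the Gazette). It assumes the preview consists of the headers plus the first few body lines; the extension list, addresses and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: extensions treated as executable; not a list from the article.
RISKY_EXT = (".pif", ".scr", ".exe", ".com", ".bat")
BOUNCE_SENDERS = {"mailer-daemon", "postmaster"}

def triage(preview, whitelist=(), blacklist=()):
    """Return (verdict, reason) for a preview: headers plus first body lines.
    whitelist/blacklist hold lowercase addresses."""
    msg = message_from_string(preview)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    # From is trivially forged, so the attachment check runs before the whitelist.
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            return ("delete", "executable attachment " + name)
    if sender in whitelist:
        return ("keep", "whitelisted sender")
    if sender in blacklist:
        return ("delete", "blacklisted sender")
    # A bounce may be genuine, so flag it for review instead of deleting it.
    if sender.split("@")[0] in BOUNCE_SENDERS:
        return ("review", "bounce notice")
    return ("keep", "no rule matched")

# Constructed samples (not real traffic). WORM is cut off mid-attachment,
# as a server-side preview would be.
WORM = """\
From: friend@example.com
Subject: hello
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See the attached file.
--b1
Content-Type: application/octet-stream; name="sample.pif"
Content-Disposition: attachment; filename="sample.pif"
Content-Transfer-Encoding: base64

AAAA
"""
BOUNCE = ("From: Mail Delivery Subsystem <MAILER-DAEMON@mail.example.net>\n"
          "Subject: Undeliverable\n\nYour message could not be delivered.\n")
PLAIN = "From: friend@example.com\nSubject: lunch\n\nNoon?\n"

if __name__ == "__main__":
    for label, raw in (("worm", WORM), ("bounce", BOUNCE), ("plain", PLAIN)):
        print(label, triage(raw, whitelist={"friend@example.com"}))
```
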

In tomorrow's issue of the Gazette, I will outline the Rules I used to stop SoBig (in conjunction with MailWasher Pro) -- including the removal of erroneous emails from PostMaster and MailerDaemon!

For now, please feel free to get acquainted with the features of MailWasher Pro by reviewing an article I recently published in the Gazette (if you haven't already read it):

MailWasher Pro Review
