NEW YORK – A new strain of one of the most virulent e-mail viruses ever spread quickly worldwide Tuesday morning, causing fresh annoyance to users worn out by last week's outbreak of the Blaster worm.
The new virus, named "Sobig.F (search)" by computer security companies, attacks Windows users via e-mail and file-sharing networks. It also deposits a Trojan horse, or hacker back door, that can be used to turn victims' PCs into senders of spam e-mail.
MessageLabs Inc. (search), a company that filters e-mail for corporations, had blocked more than 100,000 copies of Sobig.F by midday Tuesday, making it by far the most active virus of the day.
"It's definitely spreading very quickly, just an incredible ramp-up so far this morning," said Brian Czarny, marketing director at MessageLabs. The variant is likely to be one of the more successful versions of a very successful virus strain, he said.
The previous Sobig.A and Sobig.B variants are both on MessageLabs' list of the biggest 10 e-mail viruses of all time.
The e-mail message that carries Sobig.F has the subject line "Re: Details" and the message "Please see attached file for details." If a recipient clicks on the attachment, which can have multiple names ending in the .pif file extension, the computer will be infected.
The virus will then send itself out to names found in the victim's address book and will use one of these names to forge a return address. As such, the infected party may not quickly learn of the infection, while an innocent party may get the blame for helping to propagate it.
Like all the other Sobig viruses, this version is programmed to self-destruct after two weeks, in this case on Sept. 10.
The Blaster (search) worm is still at large. It uses a published flaw in Microsoft's Windows operating systems to spread via network connections, without using e-mail. It slowed down the Internet and caused computer restarts worldwide, but the attack it was programmed to carry out against a Microsoft Web site on Saturday proved harmless.