Virus spreads like wildfire
2005-05-04 14:55
Johannesburg - A new computer virus which has infected scores of computers worldwide has been detected, the NOD 32 company said on Wednesday.
Chief Executive Officer Justin Stanford said the virus, Sober.O worm, was first detected on Tuesday and has been spreading rapidly via-email.
According to Stanford the virus was detected through Eset NOD32's Virus-Radar at www.virusradar.com.
"Over 100 000 infected samples have been collected in the last 24 hours, marking this as the worst virus onslaught of the year, said Stanford.
"Sober.O uses its own SMTP engine to spread through e-mail and create outgoing messages from a spoofed sender's address that may use the words 'admin', 'info', 'postmaster', and 'web master", he added.
He said subject lines for these infected e-mails included a password, registration confirmation, blocked email, and mailing error.
Climbing the virus charts
The virus had rapidly risen to the number two spot in the top five, and continues to climb, he said.
Stanford said when the e-mail attachment in the infected message was opened, Sober.O collected e-mail addresses from local files and then used the addresses to send itself out to other computers.
"It will also attempt to delete many files on the system. Once a computer is infected the virus locks the files in the system's memory so that they cannot be easily detected or removed by antivirus products," he said.
For this reason it was important to detect the virus in a proactive way even before a signature update had been created, he adds.
He said Sober.O also sought and destroyed files in the registry that could potentially disable many anti-virus files and firewall programs.
The company is providing a free cleaner for infected systems not protected by the NOD32 anti-virus software.
The cleaner can be downloaded at www.nod32.co.za.
- SAPA