Sobig.f Worm After three Years of Manipulation

The third year anniversary of the Sobig.f worm is scheduled this Friday. Commenting on the role of the worm in creating great number of phishing attacks and spyware, a security researcher said the worm would make more forceful attacks in its next cycle.

The meeting of threats has become pronounced. In the past spam and viruses were separated as two groups. But now they are beginning to merge to make combined approaches of attacks. When Sobig.f emerged in August 2005, it was a self-enhancing virus. Gradually it started manipulating 'open relay servers' and 'proxies' to infect widely. MessageLabs estimated Sobig.f to result $1 billion worth damages in lost business, productivity and wind-up costs.

According to Mark Sunner, CTO of the UK-based security vendor MessageLabs, the present small, targeted attacks are a direct outcome of Sobig.f's efficacy. Earlier mass mailing used malicious code model of Sobig.f. But now this is being replaced by increased phishing attacks, which attackers attribute to social engineering techniques.

On the eve of Sobig.f's three-year anniversary, Sunner talked about the next three-year cycle. At the time the virus first hit a computer, the user had to stop the work; find out whom to consult; and implement fix-it solutions. All this resulted in lost time and productivity leading to lost revenue.

This virus was characterized to send huge files, which used up lot of storage space in the system and possibly disallowed relevant messages to get through. This not only wastes a company's resources but also its reputation when the virus sends mails to others, disguising itself in the established company's name.

Online attackers are now gathering information about specific individuals and groups who use spyware tactics and techniques. The criminals then use that information to make their own phishing attacks and launch various identity thefts.

Businesses can't control the frequent and ever evolving newer threats. What they can control are vulnerabilities. This is where a security solution is most needed. A multi-layered approach to IT security should be adopted, which include an Internet-level protection. These way businesses can take a pragmatic approach enabling them to quantify risk and decide on appropriate measures.

Related article: Spike in Attacks Causes Early Release of Windows Patch

» SPAMfighter News - 9/16/2006