The Sobig.F Worm Infects Thousands of Computers Around The Globe

Panda Software offers all users its free PQREMOVE utility, designed to clean and restore computers affected by this malicious code

MADRID, August 19, 2003 – The newly detected worm Sobig.F is spreading quickly causing a large number of incidents around the globe, according to gata collected by the multinational’s international tech support services.

To fight this epidemic, Panda Software offers all users its free PQREMOVE utility, designed to clean and restore computers affected by this malicious code. This tool can be downloaded from http://www.pandasoftware.com/download/utilities.

Sobig.F is programmed to spread rapidly via e-mail using so-called social engineering techniques to trick users. Both the subject and text of the message the worm uses to spread, as well as the attached file, are variable.

Once the user runs the attachment carrying the worm, Sobig.F uses its own SMTP engine to send itself out to all the e-mail address it finds in the files with the following extensions TXT, HTM*, WAB, DBX and .EML on the affected computer. It also copies itself to the affected computer under the name winppr32.exe and creates several entries in the Windows Registry in order to ensure that it is run whenever the affected computer is started.

According to the latest analyses carried out by Panda Software’s Virus Laboratory, Sobig.F can also download files from the Internet. Besides, it has backdoor functions, which allow it to open several communication ports. Finally, it can spread across local networks.

Panda Software advises users to update their antivirus solutions immediately. The multinational antivirus manufacturer has already released the updates, which ensure their antivirus solutions detect Sobig.F. Therefore, if your software is not configured to update automatically, you can update it from the company’s website at http://www.pandasoftware.com.

Users can also detect this and other malicious code using the free, online antivirus, Panda ActiveScan, which is available on the company’s website at http://www.pandasoftware.com.

Detailed technical information on Sobig.F is available from Panda Software’s Virus Encyclopedia

About Panda Software’s virus laboratory
On receiving a possibly infected file, Panda Software’s technical staff get straight down to work. The file is analyzed and depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users