How sobig works??

[sensible_guy]

I recently got a bulk of sobig into my yahoo accounts. The from addresses seemed to be known by me. Infact they were of my college friends. Now when I read about the worm on symantec they said it was a mass mailing worm and used the cookies stored on the pc and uses smtp. But we have norton installed on all pcs so all outgoing smtp mails are scanned but i have never noticed any one from this virus..
So if any one knows how this worm works exactly please let me know....

[tampabay420]

What is it?
W32.Sobig.F@mm is a mass-mailing, network-aware worm that sends itself to all the email addresses it finds. The worm uses its own SMTP engine to propagate from Spoofed address (which means that the sender in the "From" field is most likely not the real sender). The worm may also use the address admin@internet.com as the sender.

this should clear things up. the fact that it uses it's own smtp server, could be why it got around yours as far as your antivirues software, it should have detected/cleaned it if properly updated...

[nihil]

Hi, like tampabay420 said, your AV should have spotted this if it was updated and activated to scan e-mails. It may miss ones that dont use your official SMTP engine?

Might I suggest Mail Control by Yariv kaplan http://www.internals.com

This acts like an e-mail "firewall" and should pick up malware that uses its own SMTP engine.

Cheers

BTW it is free for private use

[sensible_guy]

Thanks for your help guys....

[ghostofanonion]

Wasn't the sobig virus the virus that sent lots of pointless mail to people as well as duplicates of itself? Or was that another virus,

forgive my ignorant way's

[frz]

hi. if you want to know the technical details of 'Sobig' virus/worm, visit www.trendmicro.com or www.symantec.com. use their search engine and it will give you a technical description of the virus: how it works and how to remove the virus.