Sobig Can Update Itself, Experts Say

[Gary Stoneburner <gary.stoneburner@nist.gov>]

re:
http://www.techweb.com/wire/story/TWB20030820S0013

"The Sobig e-mail virus on Wednesday spread unabated for a second
day across the Internet, as security experts discovered the malicious
program also had the ability to update itself."

"Network Associates Technology Inc., another anti-virus vendor, said
that as of Wednesday, 3 percent of its consumer customers had reported
receiving Sobig.F through their email, which amounts to 2,040 PCs out of
68,000. "This is the largest amount of traffic we've seen this
quarter in the amount of mail being generated (because of a virus),"
a spokeswoman said."

"... Sobig is unusual in that it has the abillity to go out into the
Internet from its host PC and update itself with new capabilities, Huger
said.  Those capabilities could include tools for denial-of-service
attacks or relaying spam. "It's entirely up to the author (of the
virus)," Huger said. "It can download whatever its heart
desires."  Because the worm and its variants have been
spreading for months, the author controls a vast network of PCs, but
"what he or she is doing with them is still anybody's
speculation," Huger said."

Cheers (anyway :-),
Gary

**************************************************************************
* Opinions expressed are not intended to reflect an official position
**************************************************************************
* Gary Stoneburner
* Computer Security Division, National Institute of Standards & Technology
* 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930         
* Phone: 301-975-5394, FAX: 301-948-0279, Email: Stoneburner@nist.gov
* http://csrc.nist.gov/staff/stoneburner/gshome.html
**************************************************************************