SoBig, so annoying

It looks like someone I know has been infected with the SoBig virus (aka W32.SoBig.A@MM), since I’ve just got one of its suspicious emails. I strongly suggest that anyone reading this adds to their blocklists, so that any emails are blocked.
The virus seems to do a good job at forging email headers – unlike Klez it forges both the From and Return-Path headers, along with nuking the bulk of the Received lines – so it’s almost impossible to find out who sent it. provides a good article about it, suggesting that last week’s Lirva virus (which hasn’t hit me yet) may be to blame for the spread of SoBig, due to the fact that it attempts to disable anti-virus and firewall software.
And if you’re interested, the variety I got was the ‘Re: Document’ variety. Normally MyRealBox is able to filter out virii before they hit my mailbox, but I imagine that since this is a new virus its definitions haven’t been updated yet.
incidentally, appears to be down, probably related to the email overload. Think about it – every time the virus mails itself to an invalid email address, the mail gets bounced back to them. They must be suffering :(.

One Comment

  1. I have just received this e-mail today, at 13-58pm it got as far as my mail box, then I was warned by Norton anti-virus, message read, Here is that sample
    from W32.Sobig.A@mm if this helps anyone