Sobig.F Targets Jupitermedia

Jupitermedia, the parent of this Web site, is working with law enforcement authorities to stop the destructive Sobig.F worm.

The mass-mailing Sobig.F worm, which is hammering corporate networks, has falsely implicated Jupitermedia Corp. by forging email headers listing [email protected] as the sender.

“Jupitermedia Corp., publisher of the internet.com Network, is not the sender or source of this worm, but rather is a victim like many other companies. Jupitermedia has contacted law enforcement and is working closely with them and others in the private sector to try to put a stop to this,” the Darien, Conn.-based company said in a press statement. Other company email addresses are also being spoofed by the worm.

“Anyone with information regarding the source of this worm can contact [email protected] or the U.S. Secret Service Electronic Crimes Task Force at (718) 840-1220, the company said. Jupitermedia is parent company of internetnews.com.

The email spoofing was highlighted by Symantec on a page of its Web site detailing Sobig-F. However, anti-virus company has since updated its Sobig.F advisory to confirm that Jupitermedia is NOT the sender.

“The choice of the internet.com domain appears to be arbitrary and does not have any connection to the actual domain or its parent company,” Symantec said in its revised advisory.

F-Secure also updated its alerts to confirm that the sender information on the emails “is wrong and doesn’t indicate the real infected user.”

Because anti-virus definitions and email filters have been updated to block activity from the [email protected] address, Jupitermedia’s IT administrators have been working overtime to deal with million of bounces on Monday and Tuesday when Sobig.F started wreaking havoc.

Jupitermedia CTO Mark Berns told internetnews.com the company had already handled more that 3 million bounced emails in the past two days. On a normal day, bounced emails total about 120,000 but Berns said returned mail to the spoofed [email protected] address has been a nightmare to deal with.

“So far today, we’ve received about one and a half million bounced mails. The anti-virus definitions have been updated to block mails from that address, which is theoretically what they’re supposed to do. So, we are being bombarded with the bounces. It is saturating our network and hogging bandwidth,” Berns explained.

“It has been all hands on deck here. My team has been working around the clock just to keep our email flowing. This week has been a challenge like none we’ve seen. It’s the worst we’ve dealt with all the worms,” he said, referring to the Blaster and Welchia viruses that slowed enterprise networks to a crawl for most of the past week.

And, with fears that several new Sobig variants will appear in the future, Berns is resigned to dealing with more headaches in the coming weeks. “Who knows what Sobig.G or Sobig.H will do?”

Sobig-F, which builds on the impact of its previous Sobig worms, turn infected machines into hidden proxy servers. The latest variant is programmed to stop spreading on September 10 but a new variant is expected to hit soon after.

According to F-Secure, Sobig.F comes with a large attachment (around 70KB) and has its own SMTP engine, apart from routines to query directly DNS servers and make requests using the Network Time Protocol. The worm also has updating capabilities and will attempt to download updated versions when certain conditions are met.

Subscribe to get your daily business insights

Whitepapers

US Mobile Streaming Behavior
Whitepaper | Mobile

US Mobile Streaming Behavior

5y

US Mobile Streaming Behavior

Streaming has become a staple of US media-viewing habits. Streaming video, however, still comes with a variety of pesky frustrations that viewers are ...

View resource
Winning the Data Game: Digital Analytics Tactics for Media Groups
Whitepaper | Analyzing Customer Data

Winning the Data Game: Digital Analytics Tactics for Media Groups

5y

Winning the Data Game: Digital Analytics Tactics f...

Data is the lifeblood of so many companies today. You need more of it, all of which at higher quality, and all the meanwhile being compliant with data...

View resource
Learning to win the talent war: how digital marketing can develop its people
Whitepaper | Digital Marketing

Learning to win the talent war: how digital marketing can develop its peopl...

2y

Learning to win the talent war: how digital market...

This report documents the findings of a Fireside chat held by ClickZ in the first quarter of 2022. It provides expert insight on how companies can ret...

View resource
Engagement To Empowerment - Winning in Today's Experience Economy
Report | Digital Transformation

Engagement To Empowerment - Winning in Today's Experience Economy

1m

Engagement To Empowerment - Winning in Today's Exp...

Customers decide fast, influenced by only 2.5 touchpoints – globally! Make sure your brand shines in those critical moments. Read More...

View resource