SoBig Email Worm Virus, Part 2

By Dennis Faas

Recall --

A few days ago, I wrote about the latest virus threat which is currently clogging up email mailboxes around the world.

In short, the "SoBig worm arrives via email as an attachment; once the attachment has been executed, the worm attempts to propagate itself by mass-mailing the contacts it has collected from the host computer [especially through the use of email Address Books / Contact Lists]."

SoBig Email Worm Virus

The SoBig worm has been an especially dreadful problem for me, since I receive email daily from folks around the world. Whenever someone decides to drop me a line, my email address is automatically added into a Contact List or Address Book and stored on their computer for future reference (almost all of the time).

Since SoBig uses contact lists to spread itself across the Internet -- plus the fact that thousands of people have emailed me in the past -- that might explain why my Inbox has been severely targeted in the past week and a half. At one point, I received 2,000+ viruses over a 36-hour period (picture below).

In Tuesday's issue of the Gazette, I mentioned that removing the SoBig virus from an infected computer would not be enough to "stop the worm dead in its tracks" (per se). Even after the worm has been removed from an infected machine, it may still continue to propagate to your email address via the Internet from another infected computer (which also has your email address stored in a contact list).

What to do?

The only real solution to this problem is to cope with the Worm, since not all ISPs (Internet Service Providers), online email Virus Scanners, and Mail Filters will stop each and every variation of the virus from making its way to your Inbox -- including bounceback emails received from PostMaster and MailerDaemon which insist that your computer is infected (even if it is not!).

Coping with SoBig: using MailWasher Pro

If you're an avid Reader of the Gazette, then you've probably read my article on MailWasher Pro: a program which automates the removal of email viruses and unsolicited messages *before* they have a chance to download to your Inbox.

MailWasher Pro Review

I've been using MailWasher Pro for the last couple of months, and have found it to be very accurate when predicting which emails are likely to contain a virus or spam (unsolicited email).

Unfortunately, MailWasher Pro's heuristics alone will not catch all variations of the SoBig worm -- especially the erroneous bouncebacks.

In part 1 of this article, I promised to discuss Mail Rules I have recently developed in conjunction with MailWasher Pro, in order to automatically stop almost all W32.Sobig.F@mm emails (including bouncebacks) from ever reaching my Inbox.

Without further ado, here are the steps I used to create my message rules:

  • Load MailWasher Pro
  • Ensure that View -> Filter Side Bar has a checkmark beside it
  • Click the Filters tab, and then click the "+Add" button near the top

There are 8 rules in all. For each and every new Mail Rule, use the following template:

  • Type in the Filter Name (defined in the Mail Rule List below)
  • Status Description: SoBig Virus
  • Priority: Takes precedence over Friends List
  • Action: Mark for Deletion (ensure that no other options are check-marked)
  • Apply this Filter when: any rule below is satisfied (NOT "all", which is default -- or the rule won't work!)

Hope that helps!
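The "any rule" versus "all rules" setting from the template above, modelled in Python as an added example (this is not MailWasher Pro's code and not the author's rule list). The conditions, addresses and messages are constructed samples, and the matching semantics are an assumption about how a multi-condition filter is evaluated.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample conditions for ONE filter (hypothetical; the article's
# own 8-rule list is not reproduced here). Each entry is (header, regex).
CONDITIONS = [
    ("Subject", r"^Re: (Details|Approved|Thank you!)$"),   # worm-style subject
    ("From", r"^(postmaster|mailer-daemon)@"),             # bounceback sender
    ("Subject", r"virus (found|detected|alert)"),          # scanner notice
]

def matches(msg, header, pattern):
    """True if the header is present and the regex matches it, ignoring case."""
    value = msg.get(header, "")
    if header == "From":
        # Strip any display name so the pattern sees only the address.
        value = parseaddr(value)[1]
    return re.search(pattern, value, re.IGNORECASE) is not None

def mark_for_deletion(raw, mode="any"):
    """mode='any': one satisfied condition is enough.
    mode='all': every condition must hold at the same time."""
    msg = message_from_string(raw)
    results = [matches(msg, h, p) for h, p in CONDITIONS]
    return any(results) if mode == "any" else all(results)

# Constructed sample messages.
WORM = "From: someone@example.com\nSubject: Re: Details\n\nSee the attached file\n"
BOUNCE = ("From: Mail Delivery Subsystem <MAILER-DAEMON@mail.example.net>\n"
          "Subject: Undeliverable mail\n\nYour message could not be delivered\n")
LEGIT = "From: reader@example.org\nSubject: Question about the Gazette\n\nHi\n"

def run():
    """Return {name: (deleted_with_any, deleted_with_all)} for each sample."""
    samples = (("worm", WORM), ("bounce", BOUNCE), ("legit", LEGIT))
    return {name: (mark_for_deletion(raw, "any"), mark_for_deletion(raw, "all"))
            for name, raw in samples}

if __name__ == "__main__":
    for name, (any_hit, all_hit) in run().items():
        print(f"{name:7} any={any_hit!s:5} all={all_hit}")
```

With "all", neither the worm mail nor the bounceback is marked, because no single message satisfies every condition at once; with "any", both are marked and the ordinary message is left alone.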

