Almost everyone's email inbox was clogged earlier this week with messages generated by computers infected with the Sobig.F Windows virus. We saw unwanted messages with Subject lines like:


* Re: Details
* Re: Approved
* Re: Re: My details
* Re: Thank you!
* Re: That movie
* Re: Wicked screensaver
* Re: Your application
* Thank you!
* Your details

UVM's email system detected over 40,000 infected messages on Tuesday, August 19, and removed the infected attachments before delivering the messages to our inboxes. (On a typical day, the email system cleanses about 1,200 infected messages.)

Because users of UVM's email system found it increasingly time-consuming to manually delete such an unprecedented volume of useless messages, Computing and Information Technology modified the email system to filter out messages infected with this virus rather than delivering disinfected messages to our inboxes. Messages are dropped based on the names of the attachments, not on the Subject lines, to guard against deleting legitimate messages.

In the first 22 hours after implementing the change, over 48,000 infected messages were filtered out.

How many people worldwide were infected by Sobig.F? At least one million on the first day alone, dwarfing the previous record held by the Klez virus. How many who get all of their email through the UVM email system were infected by Sobig.F? Zero. That's because UVM recently started blocking attachment file types that are likely to be used to propagate viruses and worms. So even in the critical first hours of the Sobig.F outbreak, while we were waiting for Symantec to provide us with protection, UVM's email gateway was preventing the virus from entering our inboxes.
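The two attachment-based checks described above (dropping on attachment name rather than Subject line, and blocking risky attachment file types) can be sketched as follows. This is an added example, not UVM's actual filter; the attachment name, the extension list, the addresses and the function names are constructed assumptions.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Constructed policy values for illustration; not UVM's actual lists.
OUTBREAK_NAMES = {"example_worm_attachment.pif"}               # placeholder name
BLOCKED_EXTENSIONS = (".pif", ".scr", ".exe", ".bat", ".com")  # assumed list


def attachment_names(msg):
    """Return the normalized filename of every MIME part that declares one."""
    return [part.get_filename().strip().lower()
            for part in msg.walk() if part.get_filename()]


def classify(raw):
    """Return 'drop', 'block' or 'deliver' for a raw message.

    The Subject header is never consulted, so a legitimate reply that
    shares a subject line with the worm is still delivered.
    """
    msg = message_from_string(raw, policy=policy.default)
    names = attachment_names(msg)
    if any(n in OUTBREAK_NAMES for n in names):
        return "drop"       # name tied to the outbreak: discard the message
    if any(n.endswith(BLOCKED_EXTENSIONS) for n in names):
        return "block"      # risky file type, caught before any signature exists
    return "deliver"


def sample(subject, filename=None):
    """Build a constructed test message, optionally with one attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "user@example.edu"
    m["Subject"] = subject
    m.set_content("See the attached file for details.")
    if filename:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    for subject, filename in [("Re: Thank you!", None),
                              ("Budget", "example_worm_attachment.pif"),
                              ("Photos", "Holiday.doc.SCR"),
                              ("Re: Details", "notes.txt")]:
        print(f"{subject!r:18} {filename!r:32} -> {classify(sample(subject, filename))}")
```

The double extension and mixed case in `Holiday.doc.SCR` are included because matching only on the final, case-folded suffix is what keeps that name from slipping past the type check.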

Many of us have also noticed an increase in the number of email delivery error notices. This occurs because a computer infected with Sobig.F sends out hundreds of infected emails with forged "From" addresses. If we're unlucky enough to be the user of one of the forged addresses, we'll get error notices when virus-generated messages can't be delivered. This isn't something that can be remedied by the email system; we each will have to delete these secondary Sobig.F effects manually.

To protect your computer against Sobig.F and other viruses, please always run up-to-date virus protection software, and avoid use of non-UVM mail services that don't scan messages for viruses. UVM's site-licensed Symantec Antivirus software is free for downloading from:

http://www.uvm.edu/software

For more information, please see:

http://www.uvm.edu/cit/antivirus/

Please address questions or concerns to CIT at information.technology@uvm.edu.