As everyone probably knows firsthand by now, we\u2019ve all been suffering through a particularly bad period of worm infestation on the \u2018Net lately. Variants of the Sobig and Blaster (a.k.a. LovSan) worms (often called \u201cviruses\u201d in press reports) caused major hang-ups worldwide.I want to focus today on the Sobig worm and other electronic thugs that use a victim\u2019s e-mail address book to send out lots of e-mail messages. Many of the worms use their own SMTP interface, bypassing the victim\u2019s e-mail client program and thus leaving no obvious trace (e.g., \u201csent\u201d messages) that the user can spot early on in the infection.Worse still, modern worms often use the victim\u2019s address book not only for targets (destination addresses) but also to forge SMTP headers using spoofed origination addresses. That is, the worms are written to make it appear that their infected traffic comes from someone whose address has been picked up from another victim\u2019s address book.Some anti-virus programs respond to infected e-mail messages by sending a notice to the originator of the infected message. For example, you may have received message like these:>email@example.com@norwich.eduFrom: Sent: Thursday, September 04, 2003 22:30To: Subject: Virus Detected by Network Associates, Inc. Webshield SMTP V4.5 MR1aNetwork Associates WebShield SMTP V4.5 MR1a on mimesweeper detected virus W32\/Sobig.f@MM in attachment document_all.pif from and it was Cleaned and Quarantined.