A computer virus that circulated across the Internet this week,
hard on the heels of another nasty online infection, is the fastest
e-mail outbreak ever, an anti-virus company said.
The Sobig.F virus, which continued to spread like wildfire
Thursday, has been blamed for computer disruptions at businesses,
colleges and other institutions worldwide.
MessageLabs, which scans e-mail for viruses, said that within 24
hours it had scanned more than 1 million copies of this latest
variant of the Sobig virus.
"It's unprecedented in our history ... It's a pretty frightening
statistic. And the next incarnation could be even worse," said
MessageLabs chief information analyst Paul Wood.
Sobig.F is the fifth version of the virus, which has had an
expiration date with each variant. The prior version expired last
month. With Sobig.F set to expire Sept. 10, the next version,
"Sobig.G", could appear as soon as Sept. 11.
Sobig does not physically damage computers, files or critical
data, but it ties up computer and networking resources. One in 17
e-mails sent around the world since Monday had been affected by
Sobig, Wood said, with some fearing the virus could increase global
e-mail traffic by as much as 60 percent, slowing the Internet to a
crawl.
How It Spreads
One reason for the volume of e-mails generated is that the
e-mail messages by which the virus spreads are forged to appear to
come from genuine Internet users. Many anti-virus systems respond
by sending an automatic alert back to the Internet user, telling
them they are infected. Users whose e-mail addresses have been thus
forged can then receive hundreds of these virus alerts, adding to
Internet traffic jams.
MessageLabs chief technology officer Mark Sunner also said the
virus was helped along because it essentially had e-mail software
built in. Previous ones relied on existing software packages such
as Microsoft's Outlook and did not spread as quickly among users of
rival e-mail software.
Anti-virus experts think the author may be using the worm to
construct an elaborate network of hijacked computers that can be
used to send spam.
The Sobig virus spreads when unsuspecting computer users open
file attachments in e-mails that contain such familiar headings as
"Thank you," "Re: Details" or "Re: approved."
Once the file is opened, Sobig scours the computer for e-mail
addresses, checking in Word documents, Internet logs and e-mail
inboxes. Designed like mass-mailing spam programs, it then sends
scores of messages to the addresses it has collected.
Previous Record
Before Sobig.F, the previous record for an e-mail infection was
"Klez," with about 250,000 copies spotted during its first 24 hours
earlier this year, Sunner said. There have been faster outbreaks on
the Internet, but those circulated through networking functions
built into Windows operating systems.
The "Slammer" worm struck more than 75,000 computers in just 10
minutes in January, with the number of infected computers doubling
every 8.5 seconds, according to researchers at the University of
California and other institutions. It went on to infect hundreds of
thousands more. E-mail viruses like Sobig can hit the same computer
multiple times, so the number of infections is not directly
comparable.
Networks Slammed
Removing all that extra e-mail takes time and resources. The
University of Wisconsin-Madison, for example, had to shut down
outside access to its e-mail system Wednesday.
"We were removing 30,000 bad e-mails an hour," said Jeff Savoy,
an information security officer at the school.
In India's high-tech city of Bangalore, dozens of cyber cafes
shut down and home computers blacked out. Some cafes were hit
because their service provider was affected, but others got the
virus in machines using Windows operating systems.
The owner of one of the Internet's most popular e-mail lists,
technologist David Farber, was livid about Sobig.
"I got 1300 junk e-mails 'delivered' this AM," he said in a
message to subscribers Thursday. "Find the person and put him/her
in jail."
(China Daily August 22, 2003)