A computer virus that circulated across the Internet this week, hard on the heels of another nasty online infection, is the fastest e-mail outbreak ever, an anti-virus company said.
The Sobig.F virus, which continued to spread like wildfire Thursday, has been blamed for computer disruptions at businesses, colleges and other institutions worldwide.
Messagelabs, which scans e-mail for viruses, said that within 24 hours it had scanned more than 1 million copies of this latest variant of the Sobig virus.
"It's unprecedented in our history ... It's a pretty frightening statistic. And the next incarnation could be even worse," said MessageLabs chief information analyst Paul Wood.
Sobig.F is the fifth version of the virus, which has had an expiration date with each variant. The prior version expired last month. With Sobig.F set to expire Sept. 10, the next version, "Sobig.G", could appear as soon as Sept. 11.
Sobig does not physically damage computers, files or critical data, but it ties up computer and networking resources. One in 17 e-mails sent around the world since Monday had been affected by Sobig, Wood said, with some fearing the virus could increase global e-mail traffic by as much as 60 percent, slowing the Internet to a crawl.
How It Spreads
One reason for the volume of e-mails generated is that the e-mail messages by which the virus spreads are forged to appear to come from genuine Internet users. Many anti-virus systems respond by sending an automatic alert back to the Internet user, telling them they are infected. Users whose e-mail addresses have been thus forged can then receive hundreds of these virus alerts, adding to Internet traffic jams.
MessageLabs chief technology officer Mark Sunner also said the virus was helped along because it essentially had e-mail software built in. Previous ones relied on existing software packages such as Microsoft's Outlook and did not spread as quickly among users of rival e-mail software.
Anti-virus experts think the author may be using the worm to construct an elaborate network of hijacked computers that can be used to send spam.
The Sobig virus spreads when unsuspecting computer users open file attachments in e-mails that contain such familiar headings as "Thank you," "Re: Details" or "Re: approved."
Once the file is opened, Sobig scours the computer for e-mail addresses, checking in Word documents, Internet logs and e-mail inboxes. Designed like mass-mailing spam programs, it then sends scores of messages to the addresses it has collected.
Previous Record
Before Sobig.F, the previous record for an e-mail infection was "Klez," with about 250,000 copies spotted during its first 24 hours earlier this year, Sunner said. There have been faster outbreaks on the Internet, but those circulated through networking functions built into Windows operating systems.
The "Slammer" worm struck more than 75,000 computers in just 10 minutes in January, with the number of infected computers doubling every 8.5 seconds, according to researchers at the University of California and other institutions. It went on to infect hundreds of thousands more. E-mail viruses like Sobig can hit the same computer multiple times, so the number of infections is not directly comparable.
Networks Slammed
Removing all that extra e-mail takes time and resources. The University of Wisconsin-Madison, for example, had to shut down outside access to its e-mail system Wednesday.
"We were removing 30,000 bad e-mails an hour," said Jeff Savoy, an information security officer at the school.
In India's high-tech city of Bangalore, dozens of cyber cafes shut down and home computers blacked out. Some cafes were hit because their service provider was affected, but others got the virus in machines using Windows operating systems.
The owner of one of the Internet's most popular e-mail lists, technologist David Farber, was livid about Sobig.
"I got 1300 junk e-mails 'delivered' this AM," he said in a message to subscribers Thursday. "Find the person and put him/her in jail."
(China Daily August 22, 2003)