Sobig.F Virus Slows, Second Attempt Fizzles

N

net1

Guest
The fast-spreading Sobig.F e-mail virus slowed on Sunday and failed for a second time to launch a remote data attack using thousands of infected personal computers, computer security experts said.

Sobig.F, which first emerged on Aug. 18, was programmed by an unknown creator to unleash a data attack at noon PDT on Sunday.

But with the trigger -- a computer program unwittingly installed on 20 poorly defended computers mostly in the United States and Canada -- deactivated on Friday, Sunday's attempt was a non-event, according to reports from technology security company Symantec Corp. and Craig Schmugar, virus research engineer at rival Network Associates Inc. .

An initial automated barrage planned for Friday was averted after government and security industry experts raced to diffuse the digital trigger that could have taken control of more than 100,000 infected computers and possibly crippled the Internet.

The number of infected computers worldwide fell dramatically from Saturday to Sunday, declining by one-third in the 24-hour period to 98,205 from 145,264, according to a virus map from anti-virus software maker Trend Micro.

North America had the highest number of infected computers at 68,911, a one-day drop of 22 percent. Meanwhile, the number of infected computers in Europe declined by 51 percent to 26,727 machines. But from a smaller base, infections in Asia jumped 41 percent to 8,258, according to Tokyo-based Trend Micro's Web site.

"Now, it's a case of a big clean-up for (technicians) and learning a lesson for the next time there's an e-mail worm," said Graham Cluley, senior technology consultant at British-based Sophos Anti-Virus.

The next time could be in weeks. SoBig.F is the sixth version of a virus that first appeared in January. Each one has been stronger than the previous, security officials said.

SoBig.F is programmed to expire on Sept. 10.

"We would expect to see the next one some time after September 10, not necessarily on September 11, but within the ensuing weeks," Cluley said.

The virus spreads when unsuspecting computer users open file attachments in e-mails that contain familiar headings like "Thank You!," and "Re: Details."

Once the file is opened, Sobig.F resends itself to e-mail addresses from the infected computer and signs the e-mail using a random name and address from the computer's address book.

SoBig.F was released on a s_x-oriented Internet discussion group a week ago, according to security experts and EasyNews.com, the Internet service provider that supplied the discussion group with Web access.

In the ensuing days it spread to hundreds of thousands of computers and sent out millions of virus-infected e-mails. (Additional Reporting by Bernhard Warner in London and Eric Auchard in New York)
 
Top