The Worm Has Turned
Published August 24, 2003
- The fast-spreading Sobig.F e-mail virus slowed on Sunday and failed for a second time to launch a remote data attack using thousands of infected personal computers, computer security experts said.
Sobig.F, which first emerged on Aug. 18, was programmed by an unknown creator to unleash a data attack at noon PDT on Sunday.
But with the trigger — a computer program unwittingly installed on 20 poorly defended computers mostly in the United States and Canada — deactivated on Friday, Sunday's attempt was a non-event, according to reports from technology security company Symantec Corp. and Craig Schmugar, virus research engineer at rival Network Associates Inc. .
An initial automated barrage planned for Friday was averted after government and security industry experts raced to diffuse the digital trigger that could have taken control of more than 100,000 infected computers and possibly crippled the Internet.
The number of infected computers worldwide fell dramatically from Saturday to Sunday, declining by one-third in the 24-hour period to 98,205 from 145,264, according to a virus map from anti-virus software maker Trend Micro. [Reuters]
- "Now, it's a case of a big clean-up for (technicians) and learning a lesson for the next time there's an e-mail worm," said Graham Cluley, senior technology consultant at British-based Sophos Anti-Virus.
The next time could be in weeks. SoBig.F is the sixth version of a virus that first appeared in January. Each one has been stronger than the previous, security officials said.
SoBig.F is programmed to expire on Sept. 10.
"We would expect to see the next one some time after September 10, not necessarily on September 11, but within the ensuing weeks," Cluley said.
![Norton AntiVirus 2003 [Old Version]](http://ecx.images-amazon.com/images/I/41NE7T8V4BL._SY90_.jpg "Norton AntiVirus 2003 [Old Version]")
- The Worm Has Turned
- Published: August 24, 2003
- Type:
- Section: Sci/Tech
- Filed Under: Sci/Tech: Software, Sci/Tech: Internet
- Writer: Eric Olsen
- Eric Olsen's BC Writer page
- Eric Olsen's personal site
- Spread the Word
- Like this article?
- Email this
Save to del.icio.us
Comments on this articleComments
It sucks and continues to suck, but the tide has turned.
Cindy:
Sobig.f takes a random address from the infected machine and uses it as the "from:" header (and "envelope-sender:" as well). Anyone who writes or configures a mail server anti-virus package to send an error to the spoofed "sender" is a mouthbreathing homonculous. Anyone who writes or configures a mail server anti-virus package to
I'm so sick of these things.
What really sucks is when legitimate email with legitimate attachments gets caught in the combines. Maybe Pirillo is right, email is dead.
Add your comment, speak your mind
(Or ping: http://blogcritics.org/mt/tb/7792)
Now, if only I'd quit getting virus infected emails! I deleted 39 of them this morning. (I deleted over 100 on Friday and a good number yesterday).
And the really disconcerting thing is that somebody is apparently spoofing my email address. My computer is clean, but I keep getting messages from computers that detected the virus in an email that I never sent but which is coming from my website's email contact address.
Spammers just love me. The feeling is not mutual.