- The fast-spreading Sobig.F e-mail virus slowed on Sunday and failed for a second time to launch a remote data attack using thousands of infected personal computers, computer security experts said.
Sobig.F, which first emerged on Aug. 18, was programmed by an unknown creator to unleash a data attack at noon PDT on Sunday.
But with the trigger — a computer program unwittingly installed on 20 poorly defended computers mostly in the United States and Canada — deactivated on Friday, Sunday's attempt was a non-event, according to reports from technology security company Symantec Corp. and Craig Schmugar, virus research engineer at rival Network Associates Inc. .
An initial automated barrage planned for Friday was averted after government and security industry experts raced to diffuse the digital trigger that could have taken control of more than 100,000 infected computers and possibly crippled the Internet.
The number of infected computers worldwide fell dramatically from Saturday to Sunday, declining by one-third in the 24-hour period to 98,205 from 145,264, according to a virus map from anti-virus software maker Trend Micro. [Reuters]
With this mass infection forcing even casual Internet users to pay attention and learn to prevent or at least to clean up after an attack, maybe a critical mass has finally been reached regarding security that will prevent further wildfire outbreaks. But it's not over:
- "Now, it's a case of a big clean-up for (technicians) and learning a lesson for the next time there's an e-mail worm," said Graham Cluley, senior technology consultant at British-based Sophos Anti-Virus.
The next time could be in weeks. SoBig.F is the sixth version of a virus that first appeared in January. Each one has been stronger than the previous, security officials said.
SoBig.F is programmed to expire on Sept. 10.
"We would expect to see the next one some time after September 10, not necessarily on September 11, but within the ensuing weeks," Cluley said.
Besides purchasing an anti-virus program, make sure you have the latest security patches from Windows, and just to make sure it would be a good idea to to run a removal tool on your computer like this free one from BitDefender.
Article comments
1 - Cindy Collins Smith
Now, if only I'd quit getting virus infected emails! I deleted 39 of them this morning. (I deleted over 100 on Friday and a good number yesterday).
And the really disconcerting thing is that somebody is apparently spoofing my email address. My computer is clean, but I keep getting messages from computers that detected the virus in an email that I never sent but which is coming from my website's email contact address.
Spammers just love me. The feeling is not mutual.
2 - Eric Olsen
It sucks and continues to suck, but the tide has turned.
3 - Michael Croft
Cindy:forward the virus to the spoofed "sender" should be hanged, drawn, and quartered.
Sobig.f takes a random address from the infected machine and uses it as the "from:" header (and "envelope-sender:" as well). Anyone who writes or configures a mail server anti-virus package to send an error to the spoofed "sender" is a mouthbreathing homonculous. Anyone who writes or configures a mail server anti-virus package to
I'm so sick of these things.
4 - TDavid
What really sucks is when legitimate email with legitimate attachments gets caught in the combines. Maybe Pirillo is right, email is dead.