Sobig author 'motivated by money'
Published: 26 Aug 2003 08:35 BST
Security researchers believe that the creator of the Sobig mass-mailing computer virus won't stop with Sobig.F -- the money may be too good.
The Sobig viruses -- the first of which started spreading in January -- are designed to load special software onto people's PCs that can anonymously send spam. The tens of thousands of computers infected by the virus can then be used by bulk emailers to send unsolicited messages that can't be tracked.
"It is very well planned, very well designed and very well executed," said Mikko Hypponen, director of antivirus research for security company F-Secure. Hypponen believes that the virus' author likely sells the list of compromised PCs to spammers. "For once we have a virus with a very good motive: money."
The Sobig viruses are perhaps the first to be used as moneymakers, and that means it's likely the programmer, or group of programmers, that created the latest variant won't stop, said Joe Stewart, senior security researcher for network-protection company Lurhq.
"I do think we will see a new variant soon," Stewart said. Stewart has been studying each iteration of the Sobig virus and believes that, despite heightened law enforcement interest in finding the author, it's unlikely he or she will stop or be found. "The guy obviously knows how to use proxy servers (to achieve anonymity). To think you can track him down using an IP (Internet protocol) address down is pretty far-fetched."
The Sobig.F virus started spreading a week ago, apparently from Usenet news groups where the author had posted it in the guise of a pornographic picture, according to Easynews.com -- the service that had been used to post the file. Easynews reported that it had been served a subpoena by the FBI and had provided the bureau with an apparently stolen credit card number that had been used to purchase the account.
"It appears the account was created with a stolen credit card for the sole purpose of uploading the virus to the Usenet network," Michael Minor, chief technology officer of Easynews, said in a statement on Friday.
The FBI couldn't immediately be reached for comment.
The Sobig.F virus spreads by harvesting emails from Web pages and from an infected computer's address book. It sends a copy of itself to the addresses in an email message with subject lines such as "Your Details," "Re: Approved" and "Thank you!" The virus also spreads by copying itself to shared network hard drives that are accessible to the infected computer.
Sobig.F has spread aggressively, sending far more emails with copies of the virus than any such program to date. The computer virus clogged corporate email systems early last week, as every message had to be digitally checked for the virus before being passed on to the recipient's computer.
The latest Sobig virus uses an email address other than the victim's as the apparent source of email messages that it sends to spread itself. Many antivirus systems send alerts to the apparent senders of viral email messages notifying them that they are infected -- even when the malicious program is known to forge the source's email address. The result is more email clogging in-boxes and more confusion as users have to deal with additional messages accusing them of being infected.
Joe Hartmann, North American director for antivirus research at security-software company Trend Micro, believes that the FBI has its work cut out for it when it comes to catching the perpetrator.
"The person is really trying to make sure that he isn't going to get tracked down," Hartmann said. "Open proxies, stolen credit cards -- it's not going to be easy."
Did you find this article useful?
95 out of 192 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
