Sobig virus 'biggest epidemic yet'
Published: 21 Aug 2003 09:10 BST
The Sobig virus is aptly named. Recent data from email service providers pegs the infection caused by the latest variant of the Sobig virus as the largest epidemic of a mass-mailing computer program to date.
Email filtering company MessageLabs, for instance, said it intercepted more than a million messages that carry the virus on Tuesday, while rival Postini trapped 2.6 million in 24 hours.
"This is the fastest (virus) that we have seen," said Scott Petry, vice president of products and engineering for Postini. He added that the company typically stops far fewer email messages that carry viruses -- about 500,000 -- on an average day.
Click here for information on how to prevent and remove the Sobig.F virus.
The computer virus clogged corporate email systems on Tuesday and Wednesday, as every message had to be digitally checked for the virus before being passed on to the recipient's computer. MessageLabs found that about one in every 17 messages contained the Sobig virus -- far more then the normal 1-in-275 ratio or 1-in-138 ratio that the previous top threat, Klez.H, had produced.
Sobig.F, like previous versions of the virus, uses an email address other than the victim's as the apparent source of email messages that it sends to spread itself. Many antivirus systems send an alert that notifies the apparent sender of viral email messages that they are infected, even when the malicious program is known to forge the source's email address. The result: more spam to clog the Internet's arteries.
"We chose to not respond to spam or viruses, because it can quickly turn into a denial of service attack," Petry said.
America Online also had to deal with an avalanche of email. On any given day, the consumer Internet service provider -- the world's largest -- normally receives about 11 million email messages carrying attachments that need to be checked. On Tuesday, the company took in about 31 million such messages, about 11.5 million of which carried the Sobig.F virus, according to an AOL representative.
The Sobig.F virus spreads by harvesting emails from Web pages and from the address book of an infected computer. It sends a copy of itself to the addresses in an email message with subject lines such as "Your Details," "Re: Approved," and "Thank you!" The virus also spreads by copying itself to shared network hard drives that are accessible to the infected computer.
The virus has caused headaches for administrators at the Massachusetts Institute of Technology, the US Department of Defense and many other companies. But the virus -- like the previous versions -- has an expiration date built in: This variant is set to stop spreading on 10 September.
But rather than comfort Internet service providers, that fact made administrators worried that the people who wrote the Sobig family of viruses were learning with each variant.
"The Sobig virus writer's use of an inbuilt expiry date indicates that he is committed to inventing new and improved versions," Mark Sunner, chief technology officer at MessageLabs, said in a statement. "Each variant released so far has exceeded the previous one in growth and impact during the critical initial window of vulnerability."
Did you find this article useful?
81 out of 161 people found this useful
- Share this article:
Full Talkback thread
2 comments
