A frantic global hunt was underway from the United States to South Korea to find and switch off just 20 home computers with high-speed broadband connections that were due to be targeted by hundreds of thousands of computers infected by Sobig.F at 1900 GMT on Friday.

Security experts discovered only late on Thursday that the Sobig.F virus, which has sown panic since Monday by infecting Windows systems and using them to send a deluge of junk mail, was harbouring a sinister secret.

Hidden within the virus is an instruction to the infected machines to make contact at 1900 GMT with the 20 computers, which host an unidentified programme.

"The problem is we don't know what that programme is. It could mean a smiley face dances across your screen or it could be something massive," said Carole Theriault, anti-virus consultant at Sophos Anti-Virus. "It's still under the control of the virus writer."

Even if the mystery programme is a harmless gag, the sheer volume of Internet data converging on the 20 computer targets could slow the Internet to a crawl.


Sobig.F spreads when unsuspecting computer users open file attachments in emails that contain such familiar headings as "Thank You!", "Re: Details" or "Re: That Movie"

The time trigger is set to be activated again at the same time on Sunday, 24 August.

The search for the owners of the 20 machines - to get them to disconnect before the deadline - has had some success.

"We've taken more than half offline," said Mikko Hypponen, anti-virus research manager at Finland's F-Secure. "But if one is left standing, there will be an attack." 
 
Patch up and shut down

Security officials have advised computer users who suspect they have the virus to download one of the many patches being distributed by anti-virus vendors such as Sophos, Symantec and F-Secure.

Since surfacing late on Monday, Sobig.F has been crippling corporate e-mail networks and filling home users' inboxes with a glut of messages. Hypponen estimated that Sobig.F had generated close to 100 million emails.

Sobig.F spreads when unsuspecting computer users open file attachments in emails that contain such familiar headings as "Thank You!", "Re: Details" or "Re: That Movie".

Once the file is opened, Sobig.F resends itself to scores of email addresses from the infected computer and signs the email using a random name and address from the infected computer's address book.

It has generated a massive flow of potentially infectious emails, bogging down computer servers. Some security experts estimate more than one million computers have been infected worldwide, though they stressed an accurate tally was difficult to measure as so many home computer users had been hit.