Sobig.F worm thwarted, for now

Computer security experts halted an attack by computer worm Sobig.F, but not before it had infected PCs around the world, including 30% of China’s ill-protected boxes.

    This was the biggest Internet worm yet

    The FBI subpoenaed an Arizona Internet service provider in order to trace the fast-spreading virus experts believe was first posted on an adult-oriented Web site.

    The worm has been clogging millions of e-mail inboxes with a hidden command directing infected PCs to make contact with one of 20 vulnerable computers at 12 noon California time (1900 GMT) every Friday and Sunday until it expires on 10 September, said Steve Trilling, chief researcher at anti-virus vendor Symantec Corp.

    Government and industry security experts raced against the clock on Friday to take offline 19 of the 20 home computers, thwarting an attack before the 12 noon deadline, said Mikko Hypponen, anti-virus research manager at F-Secure of Finland.

    The computers were located in the United States, Canada and South Korea, he said. The remaining master computer, which was in the United States, was taken down shortly after the deadline, experts said.

    Porn site

    "Sobig.F was first posted to a porn Usenet group"

    Jimmy Kuo,                           Network Associates Inc.


    One expert said the Sobig.F e-mail virus was disguised so that anyone who clicked on a link purporting to show a sexually graphic picture became infected with the self-replicating worm, which then spread itself to other e-mail addresses.

    "Sobig.F was first posted to a porn Usenet group," said Jimmy Kuo, research fellow at anti-virus software maker Network Associates Inc. Usenet is a popular forum on the Internet where computer users with similar interests post and read messages. 

    Sobig.F spreads when unsuspecting computer users open file attachments in e-mails that contain such familiar headings as "Thank You!," "Re: Details" or "Re: That Movie."

    Once the file is opened, Sobig.F resends itself to e-mail addresses from the infected computer and signs the e-mail using a random name and address from the computer's address book.

    Since Monday, computer users from Korea to Norway have struggled to fend off attacks that have crippled corporate e-mail networks and have filled home users' inboxes with a glut of messages, before fanning out to find more victims.

    Consulting firm Booz Allen Hamilton, Air Canada, transport company CSX Corp. CSX.N and possibly the New York Times are among hundreds of companies that have suffered network attacks from recent viruses.

    Easy prey

    "We've never seen anything like it"

    Hao Ting,                              Beijing Rising Technology

    China's growing online population has been an easy prey to the virus. It exploited a low level of awareness and a widespread absence of efficient anti-virus software to infect over 20 million computers across the country.

    "We've never seen anything like it," said Hao Ting, a spokeswoman for Beijing Rising Technology, an Internet security company.

    New threats

    Employees at the New York Times headquarters in midtown Manhattan were asked to shut down their computers, but a spokesman declined to comment on the cause of the shutdown.

    "We will not speculate on the cause, effect or scope of the problem ... We plan to get the paper out tomorrow."

    Sobig.F was written to expire on 10 September, but experts said they expect another version to follow. This is the sixth version of the portentously named virus since it first appeared in January.

    Experts had worried that the timed attack would slow down Internet traffic and possibly set in motion a new set of commands to launch new attacks. However, they cautioned that it was too early to tell whether the threat of Sobig.F had ended. The next expected attack could spur new problems, they said.

    Internet service provider of Phoenix, Arizona said it had been contacted by investigators by telephone on Thursday and the company was issued a subpoena on Friday.

    "It looks like the original variant was posted through us to Usenet on the 18th (of August)," Michael Minor, the Internet service provider's chief technology officer, said.

    SOURCE: Agencies


    How being rejected by my father a second time helped me heal

    How being rejected by my father a second time helped me heal

    He told me horror stories about my biological mother, told me he wanted to do better and then stopped speaking to me.

    'It ruined my life': School closures in Kenya lead to rise in FGM

    'It ruined my life': School closures in Kenya lead to rise in FGM

    With classrooms closed to curb coronavirus, girls are more at risk of FGM, teenage pregnancy and child marriage.

    'It takes a village to kill a child': Uganda's hidden children

    'It takes a village to kill a child': Uganda's hidden children

    Faced with stigma and abuse, many children with disabilities are hidden indoors, with few options for specialised care.