Latest On Viral Attacks

Discussion in 'Computer Science & Culture' started by Red Devil, Aug 22, 2003.

Thread Status:
Not open for further replies.
  1. Red Devil Born Again Athiest Registered Senior Member

    Messages:
    1,996
    LONDON/SAN FRANCISCO (Reuters) - Computer security experts say they have made significant headway to beat an imminent deadline when a super-potent e-mail virus may unleash a crippling global barrage of data. A frantic hunt was under way in the United States, Canada and South Korea to track down and switch off 20 home computers with high-speed broadband connections that were due to be targeted by hundreds of thousands of computers infected by the Sobig.F virus at 8 p.m. British time on Friday.

    "The problem is we don't know what that program is -- it could mean a smiley face dances across your screen or it could be something massive" - Carole Theriault, anti-virus consultant.


    A spokesman said the FBI had begun an investigation to locate who had written the destructive computer worm. "We've seen multi-stage attacks before, but this is probably the most effective example of that," said Bruce Schneier, chief technology officer of Counterpane Internet Security. "What can a million computers do if they're told to? Anything."

    Security experts said that by mid-afternoon, eastern daylight time in the United States, more than half of those machines had been located and shut down but the threat of a major Internet traffic slowdown still remained. Anti-virus researchers discovered late on Thursday that the Sobig.F virus, which has played havoc with Windows-based computers since Monday, contains a hidden instruction to infected machines to make contact at 8 p.m. on Friday with the 20 computers.

    Those 20 machines will direct them to a Web site that will host an unidentified program, according to Finnish anti-virus software vendor F-Secure. "The problem is we don't know what that program is. It could mean a smiley face dances across your screen or it could be something massive," said Carole Theriault, anti-virus consultant at Sophos Anti-Virus.

    "It's still under the control of the virus writer." Even if the mystery program is a harmless gag, the sheer volume of Internet data converging on the 20 computer targets could slow the Internet to a crawl, experts warned.

    ANYTHING CAN HAPPEN

    The time trigger is set to be activated again at the same time on Sunday, August 24. Officials know the numerical Internet address of all 20 host computers, said Johannes Ullrich, chief technology officer of the SANS Institute's Internet Storm Center. More than half had been taken offline, said Mikko Hypponen, anti-virus research manager at F-Secure, adding: "But if one is left standing, there will be an attack." The experts predicted that enough of the 20 host computers would be shut down to minimise the attack, or that getting hit with so much traffic would effectively knock them out. However, the list of host computers can be updated, meaning more host computers could be called into action, Ullrich said.

    Sobig.F became one of the most widespread viruses ever, crippling corporate e-mail networks and filling home users' inboxes with a glut of messages. Hypponen believes Sobig.F has generated close to 100 million e-mails, representing anywhere from one to thousands of infections each. Sobig.F spreads when unsuspecting computer users open file attachments in e-mails that contain such familiar headings as "Thank You!", "Re: Details" or "Re: That Movie". Once the file is opened, Sobig.F resends itself to e-mail addresses from the infected computer and signs the e-mail using a random name and address from the computer's address book. Security officials have advised computer users who suspect they have the virus to download patches being distributed by anti-virus vendors such as Sophos (www.sophos.com), Symantec (www.symantec.com) and F-Secure (www.F-secure.com).

    Security experts recommended that corporate network technicians block outgoing data traffic from "port 8998" to prevent computers from being used in an attack.
     
  3. certified psycho Beware of the Shockie Monkey Registered Senior Member

    Messages:
    1,943
    i did you hear about the SOBIG virus


    not so SOBIG after all the thing failed yesterday
     