- The Washington Times - Sunday, August 24, 2003

The worst e-mail virus in history slowed its spread to computers worldwide during the weekend and is expected to shut itself off Sept. 10.

The SoBig.F virus, which flooded e-mail in-boxes and shut down several computer networks last week, was infecting computers at a rate of less than 2,000 per hour, nearly 75 percent slower than its peak Wednesday, said Tokyo-based computer security company TrendMicro.

The virus has infected more than 570,000 computers and sent more than 100 million e-mails since it appeared Tuesday, TrendMicro said. Others estimate that the virus has infected more than 1 million computers worldwide.

Many organizations — including CSX Inc., Air Canada and the New York Times — reported problems associated with the virus last week. No new major problems were reported during the weekend, and computer security companies said the virus was running out of potential victims.

Companies warned, though, that the Sept. 10 shutdown date for SoBig.F could trigger a new version of the virus that would exploit the damage left in its wake.

Central Command, a Medina, Ohio-based antivirus company, warned Internet users about an attack on or about September 11.

SoBig.F “is estimated to have infected millions of systems worldwide and may draw on them to be part of a cyber army focusing a digital assault against major online services,” Central Command wrote in a message to customers and reporters Thursday.

The company warned of a “newly constructed creation shortly after September 10th.”

Computer security companies said they are aware of the significance of SoBig.F’s shutdown date, the day before the second anniversary of the terrorist attacks on New York and Washington. But they said there was no evidence to suggest a new virus will emerge September 11 rather than on any other date.

“We would expect to see the next one sometime after September 10, not necessarily on September 11, but in the ensuing weeks,” Graham Culey, a senior technology consultant with British antivirus company Sophos, told Reuters news agency.

Computer security analysts said an attempt Friday by the architects of SoBig.F to attack as many as 100,000 infected computer systems and cripple the Internet was not successful. Fears of a similar attack scheduled for yesterday also proved unfounded.

SoBig.F is the sixth version of the SoBig virus, which is designed to spread by sending itself to random addresses in an e-mail address book. It is considered a virus because it operates through e-mail but is similar to a computer worm, which can reproduce itself on its own.

The SoBig.F virus is carried in attachments to messages with subject lines such as “your application” and “thank you.” Computer security analysts say they believe the virus creates holes in e-mail systems through which mass amounts of unwanted e-mail, or spam, can be sent anonymously.

Last week, the FBI subpoenaed EasyNews.com, a newsgroup provider in Arizona, to trace the architect of the virus. Analysts said the virus probably began spreading after it was posted on a sex-oriented newsgroup hosted by EasyNews, which says it was not aware SoBig.F had been posted there.

The emergence of SoBig.F last week was the latest in a string of viruses and worms that have plagued computer systems this month. On Aug. 11, a worm called “Blaster” or “Lovesan” emerged, causing thousands of computers to restart or crash without warning. Blaster caused the Maryland Motor Vehicle Administration to close its offices early Aug. 12 and slowed networks worldwide.

Shortly after Blaster appeared, a worm called “Welchia” emerged and created similar damage.

Copyright © 2018 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times is switching its third-party commenting system from Disqus to Spot.IM. You will need to either create an account with Spot.im or if you wish to use your Disqus account look under the Conversation for the link "Have a Disqus Account?". Please read our Comment Policy before commenting.


Click to Read More

Click to Hide