I've got even more bad news about that virus:
http://www.msnbc.com/news/955498.asp?0cv=CB10
Aug. 22 — Computer security experts Friday were frantically racing to find and switch off 20 home computers thought to be targeted by a massive attack of the Sobig.F virus, which has already wreaked havoc with users by becoming the fastest e-mail outbreak ever seen.
A FRANTIC GLOBAL hunt was under way from the United States to South Korea to find and switch off 20 home computers with high-speed broadband connections that were due to be targeted by hundreds of thousands of computers infected by Sobig.F at 3:00 p.m. ET Friday.
Security experts discovered only late Thursday that the Sobig.F virus, which has sown panic since Monday by infecting Windows systems and using them to send a deluge of junk mail, was harboring a sinister secret.
Hidden within the virus is an instruction to the infected machines to make contact at 3:00 p.m. ET with the 20 computers, which host an unidentified program.
“The problem is we don’t know what that program is. It could mean a smiley face dances across your screen or it could be something massive,” said Carole Theriault, anti-virus consultant at Sophos Anti-Virus. “It’s still under the control of the virus writer.”
Even if the mystery program is a harmless gag, the sheer volume of Internet data converging on the 20 computer targets could slow the Internet to a crawl.
The time trigger is set to be activated again at the same time on Sunday, August 24.
The search for the owners of the 20 machines — to get them to disconnect before the deadline — has had some success.
“We’ve taken more than half offline,” said Mikko Hypponen, anti-virus research manager at Finland’s F-Secure. “But if one is left standing, there will be an attack.”
PATCH UP, SHUT DOWN
Security officials have advised computer users who suspect they have the virus to download one of the many patches being distributed by anti-virus vendors such as Sophos, Symantec and F-Secure.
Since surfacing late Monday, Sobig.F has been crippling corporate e-mail networks and filling home users’ inboxes with a glut of messages. Hypponen estimated that Sobig.F had generated close to 100 million e-mails.
Sobig.F spreads when unsuspecting computer users open file attachments in e-mails that contain such familiar headings as “Thank You!,” “Re: Details” or “Re: That Movie.”
Once the file is opened, Sobig.F resends itself to scores of e-mail addresses from the infected computer and signs the e-mail using a random name and address from the infected computer’s address book.
It has generated a massive flow of potentially infectious e-mails, bogging down computer servers. Some security experts estimate more than one million computers have been infected worldwide, though they stressed an accurate tally was difficult to measure as so many home computer users had been hit.
FASTEST E-MAIL OUTBREAK EVER
MessageLabs, which scans e-mail for viruses, said that within 24 hours it had scanned more than 1 million copies of this latest variant of the Sobig virus.
“It’s unprecedented in our history. ... It’s a pretty frightening statistic. And the next incarnation could be even worse,” said MessageLabs chief information analyst Paul Wood.
Sobig.F is the fifth version of the virus, which has had an expiration date with each variant. The prior version expired last month. With Sobig.F set to expire Sept. 10, the next version, “Sobig.G”, could appear as soon as Sept. 11.
Sobig does not physically damage computers, files or critical data, but it ties up computer and networking resources. One in 17 e-mails sent around the world since Monday had been affected by Sobig, Wood said, with some fearing the virus could increase global e-mail traffic by as much as 60 percent, slowing the Internet to a crawl.
HOW IT SPREADS
One reason for the volume of e-mails generated is that the e-mail messages by which the virus spreads are forged to appear to come from genuine Internet users. Many anti-virus systems respond by sending an automatic alert back to the Internet user, telling them they are infected. Users whose e-mail addresses have been thus forged can then receive hundreds of these virus alerts, adding to Internet traffic jams.
MessageLabs chief technology officer Mark Sunner also said the virus was helped along because it essentially had e-mail software built in. Previous ones relied on existing software packages such as Microsoft’s Outlook and did not spread as quickly among users of rival e-mail software.
Anti-virus experts think the author may be using the worm to construct an elaborate network of hijacked computers that can be used to send spam.
The Sobig virus spreads when unsuspecting computer users open file attachments in e-mails that contain such familiar headings as “Thank you,” “Re: Details” or “Re: approved.”
Once the file is opened, Sobig scours the computer for e-mail addresses, checking in Word documents, Internet logs and e-mail inboxes. Designed like mass-mailing spam programs, it then sends scores of messages to the addresses it has collected.