Sobig Virus Spread is Fastest Ever; Nachi Worm Continues

Dow Jones Newswires | Riva Richmond

[HAL9000]

NEW YORK (AP)—A virus that debuted this week has been declared the fastest spreading e-mail plague of all time, while another malicious program that hit last week continued to disrupt computers worldwide.

MessageLabs Inc., a company that filters e-mail for corporate clients around the world, Wednesday said it had intercepted more than a million copies of the "Sobig.F" virus the previous day, the most it has ever intercepted in a single day. That was one in every 17 e-mail messages the firm scanned.

"That's just a number we've never seen before," said Brian Czarny, MessageLabs' marketing director. The most widespread virus of all time, "Klez," at its peak accounted for one in 125 messages scanned.

Sobig.F continued to spread aggressively on Wednesday, though the pace eased off a bit to about one in 60 messages, he said.

The virus, which is the sixth and latest strain of a virus that first emerged in January, spreads through Windows PCs via e-mail and corporate networks. Besides clogging e-mail systems with messages carrying subject lines like "Re: Details" and "Re: Wicked screensaver," the virus also deposits a Trojan horse, or hacker back door, that can be used to turn victims' PCs into relayers of spam e-mail.

"It's a seeding," Czarny said. "All they're looking to do is plant that Trojan."

Another virus, of the self-spreading kind called a "worm," first appeared last week and was still causing problems Wednesday. The worm, dubbed "Blaster," spreads through Internet connections to PCs using versions of Microsoft Corp.'s Windows operating system that haven't been fixed for a programming flaw. Microsoft disclosed the error, and provided a patch, on July 16.

Blaster was followed this week by the derivative "Nachi" or "Welchia," which attempts to inoculate computers by downloading the patch from Microsoft. However, the new worm is causing more problems than Blaster, and brought down Air Canada's ticketing systems Tuesday.

Railway giant CSX Corp. said a "worm virus" brought down its signaling systems early Wednesday morning, causing delays and canceled trains through the Eastern states.

Andy Ellis, chief security architect at Web services company Akamai Technologies Inc. said "Nachi" may not be more widespread than Blaster, but it is technically superior and is now generating twice as much Internet traffic as Blaster.

A lot of companies have been reporting problems inside their networks, he said, and there have been "a couple of points where parts of the backbone had performance issues" in the last 24 hours.

"Nachi is a long-term problem that has to be dealt with. These systems absolutely have to be patched," Ellis said.

Copyright 2003 Associated Press. All rights reserved.

[HAL9000]

The good news is that a lot of FReepers are getting rid of Microsoft operating systems recently, judging from numerous messages on FR.

[Jalapeno]

I have definitely seen signs today that Sobig spread in a huge way, but the activity seems to be on the wane now, and by next week will be long forgotten.

[Chad Fairbanks]

And yet, once again, I still havn't gotten this virus/worm/trojan, or any other one... and I've used MS Products for years...

Maybe it's not the Operating System that is the problem?

[Jalapeno]

No its the mail program (outlook) and how you expose your email throuhout the Internet..

[Chad Fairbanks]

Well, I use Outlook too.

What I'm waiting for is for Linux to take over as the Big Boy on the Block, and I am going to laugh my butt off when suddenly they become the target of choice for malicious script kiddies... as for the three Mac Users out there, well, they ain't gotta worry ;0)

[Sally'sConcerns]

There's a new patch that I was alerted to late this afternoon from Microsoft. I didn't check to see what it was since I've set my auto-notification to be for critical updates only.

Just thought I'd throw that out where people can check for the update.

[babaloo999]

Yup. I've never received any of these menaces, either.
Heck, I've never even received an email from Nigeria.
Where's the love?

[Cold Heat]

I agree with you. I got one once and bought Norton. I got another one and dumped norton for Avast a couple years ago and have never gotten another.

I upped my security some more by not accepting any mail unless the sender in in my address book.

That seems to solve all the problems.

[Chad Fairbanks]

I havn't gotten teh Nigerian Scam ones either. I feel so slighted.

[js1138]

And yet, once again, I still havn't gotten this virus/worm/trojan, or any other one... and I've used MS Products for years...

I've gotten a couple, but in each case it was due to deliberate neglect against my better judgement.

[js1138]

I upped my security some more by not accepting any mail unless the sender in in my address book.

Every virus I've ever seen at home or at work has come from a trusted source.

[Chad Fairbanks]

Regardless of what operating system I happen to be using at any given time, a simple hardware or software firewall and a little common sense seems to prevent most problems...

I am, right now in what little spare time I have, conceptualizing the Ultimate Virus (well, actually a Worm) that could, in theory, take down the Internet. Having Linux wouldn't help. bwaaaaaaaaaaahahahahahahahahahaaaa

[browardchad]

I am, right now in what little spare time I have, conceptualizing the Ultimate Virus (well, actually a Worm) that could, in theory, take down the Internet.

I don't think it would be that difficult -- I mean, if people are opening e-mails from strangers that say "Wicked Screensaver," or "I love you" they'll open anything.

[tubebender]

The good news is I think I figured out the Eudora Spam filter. The bad news is I'm not getting any eMail now...

[Chad Fairbanks]

LOL... actually, the concept wouldn't necessarily be an email-delivered exploit. Now, as I stated, this is only a concept, and I have no intention of ever doing it.

The concept is, simply, a software EMP against Internet Backbones...

THe questions are - can it be done? and if so, what can be done to defend against it...?

[rockfish59]

'Sobig'

Must originate from a gay porn site!

[mlbford2]

I had to deal with an onslaught of emails today from infected dimwits. Then you get emails from the rest of them asking why your emailing them. I stopped replying. If they can't figure it out then forget em.

[commish]

I have recieved 14 e-mails today with Sobig attached to them .. gotta love Norton Anti-virus

[Chad Fairbanks]

Even as recent as a few years ago, Eudora, Netscape Communicator, and yes, Outlook , had some exploitable functionality in it... Email has been a problem for well over a decade...

[HAL9000]

Maybe it's not the Operating System that is the problem?

It must be a mere coincidence that the only computers that ever get infected are running Windows. And thanks to the SoBig virus, millions of those miserable machines will be used as open relays for spam.

as for the three Mac Users out there, well, they ain't gotta worry ;0)

Mac OS X will be running on 10 million computers this year - virus-free.