Sobig Virus Spread is Fastest Ever; Nachi Worm Continues

Dow Jones Newswires | Riva Richmond

[HAL9000]

NEW YORK (AP)—A virus that debuted this week has been declared the fastest spreading e-mail plague of all time, while another malicious program that hit last week continued to disrupt computers worldwide.

MessageLabs Inc., a company that filters e-mail for corporate clients around the world, Wednesday said it had intercepted more than a million copies of the "Sobig.F" virus the previous day, the most it has ever intercepted in a single day. That was one in every 17 e-mail messages the firm scanned.

"That's just a number we've never seen before," said Brian Czarny, MessageLabs' marketing director. The most widespread virus of all time, "Klez," at its peak accounted for one in 125 messages scanned.

Sobig.F continued to spread aggressively on Wednesday, though the pace eased off a bit to about one in 60 messages, he said.

The virus, which is the sixth and latest strain of a virus that first emerged in January, spreads through Windows PCs via e-mail and corporate networks. Besides clogging e-mail systems with messages carrying subject lines like "Re: Details" and "Re: Wicked screensaver," the virus also deposits a Trojan horse, or hacker back door, that can be used to turn victims' PCs into relayers of spam e-mail.

"It's a seeding," Czarny said. "All they're looking to do is plant that Trojan."

Another virus, of the self-spreading kind called a "worm," first appeared last week and was still causing problems Wednesday. The worm, dubbed "Blaster," spreads through Internet connections to PCs using versions of Microsoft Corp.'s Windows operating system that haven't been fixed for a programming flaw. Microsoft disclosed the error, and provided a patch, on July 16.

Blaster was followed this week by the derivative "Nachi" or "Welchia," which attempts to inoculate computers by downloading the patch from Microsoft. However, the new worm is causing more problems than Blaster, and brought down Air Canada's ticketing systems Tuesday.

Railway giant CSX Corp. said a "worm virus" brought down its signaling systems early Wednesday morning, causing delays and canceled trains through the Eastern states.

Andy Ellis, chief security architect at Web services company Akamai Technologies Inc. said "Nachi" may not be more widespread than Blaster, but it is technically superior and is now generating twice as much Internet traffic as Blaster.

A lot of companies have been reporting problems inside their networks, he said, and there have been "a couple of points where parts of the backbone had performance issues" in the last 24 hours.

"Nachi is a long-term problem that has to be dealt with. These systems absolutely have to be patched," Ellis said.

Copyright 2003 Associated Press. All rights reserved.

[Sweet Hour of Prayer]

Help! I've got the blaster worm on my Dell computer that's running Windows XP. I can't stay online long enough to download the patch from Microsoft. I followed the directions Microsoft gave about enabling a firewall but that didn't help. Windows reboots every 5 minutes and that isn't enough time to get the patch. I wonder why my McCaffee anti-virus software didn't catch this?

[AppyPappy]

I've been battling this Welchi virus all day. I have no idea how it managed to get past the firewall.

[brianl703]

I wonder if that Compaq was a return sold as new.

[HAL9000]

Your best option may be to ask a friend to download the patch and provide you with a copy on floppy or burn a CD-R. Good luck.

[AppyPappy]

When it comes up with the message saying it will reboot in X seconds, change your clock time to 2002

[battousai]

I must say Apple has greatly improved the Mac, but still for the money a PC can run all the same software and more and you're not tied down with expensive prorietary parts, or the inane restrictions you have with some of the lower end Macs like the iMac. I do like Macs for one thing they look nice and even the OS is pretty spiffy looking, (and when I say Macs I mean real machines like the G4 and G5, not that iMac stuff). The day they let me build my own Mac to my liking then I may consider it.

Oh and I wouldn't mind that nice 23" Mac monitor either, "great display, just don't attach it to a Mac" as one reviewer put ;-)

[js1138]

I've been battling this Welchi virus all day. I have no idea how it managed to get past the firewall.

A good hardware firewall will block all ports by default, then let you open just those needed for specific services. I was doing great until the firewall died. I was stupid not to have a software firewall running as a backup. Live and learn.

[Petronski]

How would I know if I've caught SOBIG.F or the others. I have a win98 box with PC-Cillin.

In the case of a buddy's winxp machine that I disinfected last week, I knew he had msblaster by running a search for the msblast file. Is there a similar tell-tale for these new virii? Or is the lack of any symptoms/warnings proof that I'm not infected?

[N3WBI3]

No stupid for having an SQL server on the internet, thats what DMZ's are for..

[N3WBI3]

No the PC world, from the Windows world..

[Question_Assumptions]

I must say Apple has greatly improved the Mac, but still for the money a PC can run all the same software and more

The only thing I miss on my Mac is games and, frankly, I'm better of saving my money and my time by not having them.

and you're not tied down with expensive prorietary parts,

Not much of a problem any more since they mostly use IDE drives and standard memory and they include so many ports and such standard that most people will only need peripherals, which are USB or Firewire. If you break something, that could be a factor but I haven't had a problem with breaking things since they are built pretty solidly.

or the inane restrictions you have with some of the lower end Macs like the iMac.

For example? The only problem I'm aware of is that hard drives can be very difficult for an end user to replace in some Macs.

I do like Macs for one thing they look nice and even the OS is pretty spiffy looking, (and when I say Macs I mean real machines like the G4 and G5, not that iMac stuff).

My iBook works just fine. Of course the 12" PowerBook would now be my option. I'm waiting to see if they can pull off a G5 laptop before I upgrade.

The day they let me build my own Mac to my liking then I may consider it.

What do you want to build into it that isn't included standard or that you can't easily get?

[steve-b]

Besides clogging e-mail systems with messages carrying subject lines like "Re: Details" and "Re: Wicked screensaver," the virus also deposits a Trojan horse, or hacker back door, that can be used to turn victims' PCs into relayers of spam e-mail.

All known spammers should be hauled in for some investigation, as they clearly have the motive, means, and opportunity.

[js1138]

Possibly, but this is a 10 computer office with one server. SQL is completely isolated by the hardware firewall and ZoneAlarm now.

[martin_fierro]

FREE PC PROTECTION: Spyware removers: Spybot S&D AdAware Bayden Systems Popup Popper: Blocks popup ads well in MSIE MailWasher: Good for pre-screening & bouncing SPAM AVG Anti-Virus Free Edition: Free anti-viral protection Windows Update: At least install the critical ones ZoneAlarm: Excellent Firewall Alternative browsers: Mozilla Opera