Skip to comments.
SoBig worm aims to turn PCs into spam machines
Reuters
| August 21, 2003
Posted on 08/21/2003 12:05:57 PM PDT by HAL9000
Several Internet worms that have besieged computers for over a week played havoc again, including one called Sobig.F, whose aim was to turn PCs into spam machines and was believed to be the fastest-growing virus ever, experts said. Sobig.F drops software onto infected Windows computers that open them to be used later for distributing Internet spam -- unwanted e-mails and product promotions, experts said. It also represents a new trend in converging e-mail spamming and virus software writing, they said.
"We believe [Sobig.F] has been written by a spammer or spammers" looking for ways to get past spam filters, said Mikko Hypponen, manager of antivirus research for Finnish security firm F-Secure. "For once, we have a clear motive for a virus -- money."
Security experts said it was difficult to ascertain how many computers had been infected by the Sobig.F worm. Worms are viruses that spread through networks.
Internet service America Online Inc., however, said it blocked about 11.5 million copies, while security firm MessageLabs stopped more than 1 million copies within the first 24 hours and dubbed Sobig.F the fastest-growing e-mail virus seen yet.
Sobig.F hit the computing world as corporations were still recovering from several worms that spread through holes in Microsoft Corp.'s Windows operating systems, including the Blaster worm. Also called LovSan, it has infected and crashed hundreds of thousands of computers since last week.
The Welchi, or Nachi, worm, which surfaced on Monday, infected 72,000 computers used by the U.S. Navy and Marine Corps and crippled Air Canada's reservation counters and call centers.
CSX Transportation said yesterday that a virus infection had slowed its dispatching and signal systems, forcing it to halt passenger and freight train traffic, including the morning commuter train service in Washington.
Spam-virus convergence
Sobig.F hit home users particularly hard, experts said. It arrives in an e-mail with an attachment that when opened infects the computer and sends itself on to other victims using a random e-mail address from the address book, making it difficult to trace the worm back to its source.
The SoBig family of worms represents a new trend in the convergence of worm and spam techniques for more widespread and faster deployment, experts said.
Virus writers are using software that spammers employ to send bulk spam messages. Conversely, spammers are starting to use methods incorporated by virus writers to spread their messages and avoid detection, said Brian Czarny, marketing director at MessageLabs.
Previous SoBig versions loaded a program onto infected PCs that broadcast spam to other computers, thus turning the PCs into so-called "spam relays."
Sobig.F downloads a Trojan onto infected computers, which could later be remotely activated to send spam, experts said.
"There are computers scanning the Internet for open relays so spammers can jump from one machine to the next and be able to send millions of spam messages and have them not be traced back to them or be blocked," said Jimmy Kuo, research fellow at antivirus vendor Network Associates Inc.
Sobig.F, which expires Sept. 10, is spreading quickly because it sends multiple e-mails simultaneously and spreads to other computers on a shared network, said experts, who predict there will be another version in the near future.
TOPICS: News/Current Events; Technical
KEYWORDS: blaster; lowqualitycrap; microsoft; msdestroyinginternet; nachi; sobig; spam; virus; welchi; windows; worm
Navigation: use the links below to view more comments.
first 1-20, 21-23 next last
1
posted on
08/21/2003 12:05:57 PM PDT
by
HAL9000
To: HAL9000
You know, I got an e-mail from Prayermanager this morning. I had never signed up for these and have tried to unsubscribe. Anyway, this one just said, "The Movie" as an attachment. I blew it out.
Was it a worm?
2
posted on
08/21/2003 12:12:48 PM PDT
by
netmilsmom
(God Bless our President, those with him & our troops)
To: HAL9000
In my opinion, the penalty for Internet sabotage, creating viruses, etc., should be life imprisonment. I am so tired of these smelly little creeps.
To: HAL9000
Okay, let's reason this out. If the virus is setting up spam relays, have the FBI track down the beneficiaries of the relay (by the totally obvious method of responding to the spam, posing as a customer) and bust them for everything that could possibly stick.
4
posted on
08/21/2003 12:16:00 PM PDT
by
thoughtomator
(Are we conservatives, or are we Republicans?)
To: HAL9000
Muttly want SoBig worm.
Muttly eat Spam...yum !
Can Muttly have more Spam now ?
SoBig worm nice. Muttly WANT !!!
5
posted on
08/21/2003 12:16:00 PM PDT
by
PoorMuttly
(Hey Laz...your technique seems to be working again)
To: netmilsmom
You can be confident that any unsolicited email attachment is an attempt to gain control of your computer. Worm, trojan, virus, or whatever, doesn't really matter once they have control of your machine.
6
posted on
08/21/2003 12:18:08 PM PDT
by
thoughtomator
(Are we conservatives, or are we Republicans?)
To: Steve_Seattle
I vote for execution. Seriously.
7
posted on
08/21/2003 12:18:45 PM PDT
by
WayneM
To: netmilsmom
8
posted on
08/21/2003 12:18:57 PM PDT
by
Salo
To: netmilsmom
Yes... the attachment has shown up as "your details", "your application", "cool screensaver", "the movie"
9
posted on
08/21/2003 12:19:19 PM PDT
by
So Cal Rocket
(Free Miguel, Priscilla and Bill!)
To: PoorMuttly
Can Muttly have more Spam now ? It's easy: Go onto a couple newsgroups, post a few messages, and use your real email address in the From: line.
Spam: Slice it up nice & thin, and it's better bacon than bacon. Yum!
10
posted on
08/21/2003 12:20:47 PM PDT
by
jennyp
(http://crevo.bestmessageboard.com)
To: netmilsmom
BTW, update your virus scanner definitions. This one has been detectable for a few days now.
11
posted on
08/21/2003 12:20:58 PM PDT
by
Salo
To: netmilsmom
The movie
Your Details
Wicked ScreenSaver
These are the three that are showing up here. I'm getting tired of deleting the dang things.
To: Steve_Seattle
Also, any attempt to evade spam filtering should be treated like any other attempt to gain unauthorized access to other people's computers.
13
posted on
08/21/2003 12:24:41 PM PDT
by
steve-b
To: jennyp
Will do. Always hungry. Bacon Spam and Bacon a Muttly favorite...especially with cheese...and bird...uh...only joking....cookie...that's it....Muttly call cookie "bird"..
...(did they buy that.....)
14
posted on
08/21/2003 12:25:33 PM PDT
by
PoorMuttly
(Sorry. Muttly ate Tag Line again)
To: HAL9000
I hope the writer of this worm appreciates that people are routinely killed for sums of money that are a
tiny fraction of what he cost probably tens of thousands of people and companies.
I wouldn't kill him, myself, but if his mortal remains turn up in a suitcase somewhere, and somehow I know how they got there, I won't be sharing that knowledge with the police.
To: Steve_Seattle
# 3 writes-"In my opinion, the penalty for Internet sabotage, creating viruses, etc., should be life imprisonment. I am so tired of these smelly little creeps." Reply-You are so right. If we put some tough laws on the books and enforce them you will see the amount of spam and viruses drop dramatically.
To: HAL9000
The Welchi, or Nachi, worm, which surfaced on Monday, infected 72,000 computers used by the U.S. Navy and Marine Corps
I thought the
Lexington and
Ticonderoga took out the
Nachi back in 1944
To: HAL9000
I just downloaded an evaluation copy of Mailwasher (firetrust.com), and it's really coming in handy. The setup is fairly easy, but the neat feature is that it accesses incoming mail (from one or multiple accounts) on the server, before it's downloaded. From there, you can choose to view the entire message (photos & attachments are blocked), view just the header, and then either blacklist it (the sender or the entire domain), bounce it back to the sender, delete it, add it to a friends list, or set up a filter for it. You still have to open each mailbox in your e-mail program to download the messages you actually want on your computer, but it prevents spam -- both dangerous and innocuous -- from ever reaching your computer.
To: So Cal Rocket
Yes... the attachment has shown up as "your details", "your application", "cool screensaver", "the movie" Been getting those all day. I've also been getting a bunch on "Mail Undeliverable" messages with those titles. My computer must be sending out spam.
19
posted on
08/21/2003 1:57:46 PM PDT
by
Allegra
To: browardchad
The setup is fairly easy, but the neat feature is that it accesses incoming mail (from one or multiple accounts) on the server, before it's downloaded. That is a good feature. If your ISP has a web mail interface, it can be used to screen mail too.
20
posted on
08/21/2003 2:01:20 PM PDT
by
HAL9000
Navigation: use the links below to view more comments.
first 1-20, 21-23 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson