Free Republic

SoBig worm aims to turn PCs into spam machines
Reuters | August 21, 2003

Posted on 08/21/2003 12:05:57 PM PDT by HAL9000

Several Internet worms that have besieged computers for over a week played havoc again, including one called Sobig.F, whose aim was to turn PCs into spam machines and was believed to be the fastest-growing virus ever, experts said.

Sobig.F drops software onto infected Windows computers that opens them to be used later for distributing Internet spam -- unwanted e-mails and product promotions, experts said. It also represents a new trend in converging e-mail spamming and virus software writing, they said.

"We believe [Sobig.F] has been written by a spammer or spammers" looking for ways to get past spam filters, said Mikko Hypponen, manager of antivirus research for Finnish security firm F-Secure. "For once, we have a clear motive for a virus -- money."

Security experts said it was difficult to ascertain how many computers had been infected by the Sobig.F worm. Worms are viruses that spread through networks.

Internet service America Online Inc., however, said it blocked about 11.5 million copies, while security firm MessageLabs stopped more than 1 million copies within the first 24 hours and dubbed Sobig.F the fastest-growing e-mail virus seen yet.

Sobig.F hit the computing world as corporations were still recovering from several worms that spread through holes in Microsoft Corp.'s Windows operating systems, including the Blaster worm. Also called LovSan, it has infected and crashed hundreds of thousands of computers since last week.

The Welchi, or Nachi, worm, which surfaced on Monday, infected 72,000 computers used by the U.S. Navy and Marine Corps and crippled Air Canada's reservation counters and call centers.

CSX Transportation said yesterday that a virus infection had slowed its dispatching and signal systems, forcing it to halt passenger and freight train traffic, including the morning commuter train service in Washington.

Spam-virus convergence

Sobig.F hit home users particularly hard, experts said. It arrives in an e-mail with an attachment that when opened infects the computer and sends itself on to other victims using a random e-mail address from the address book, making it difficult to trace the worm back to its source.

The SoBig family of worms represents a new trend in the convergence of worm and spam techniques for more widespread and faster deployment, experts said.

Virus writers are using software that spammers employ to send bulk spam messages. Conversely, spammers are starting to use methods incorporated by virus writers to spread their messages and avoid detection, said Brian Czarny, marketing director at MessageLabs.

Previous SoBig versions loaded a program onto infected PCs that broadcast spam to other computers, thus turning the PCs into so-called "spam relays."

Sobig.F downloads a Trojan onto infected computers, which could later be remotely activated to send spam, experts said.

"There are computers scanning the Internet for open relays so spammers can jump from one machine to the next and be able to send millions of spam messages and have them not be traced back to them or be blocked," said Jimmy Kuo, research fellow at antivirus vendor Network Associates Inc.

Sobig.F, which expires Sept. 10, is spreading quickly because it sends multiple e-mails simultaneously and spreads to other computers on a shared network, said experts, who predict there will be another version in the near future.



TOPICS: News/Current Events; Technical
KEYWORDS: blaster; lowqualitycrap; microsoft; msdestroyinginternet; nachi; sobig; spam; virus; welchi; windows; worm
To: HAL9000
If your ISP has a web mail interface, it can be used to screen mail too.

My ISP does, but you have to log in to one account at a time, whereas this will let you view messages from all accounts on one screen, and apply rules or blocks quickly.

21 posted on 08/21/2003 2:36:51 PM PDT by browardchad

To: Allegra
I've also been getting a bunch of "Mail Undeliverable" messages with those titles. My computer must be sending out spam.

Not necessarily ... the worm spoofs the 'From:' header.

I've been getting the same emails in my inbox, supposedly showing that I used Microsoft Look Out to spread the worm, and the last time I ran a Gates machine was a few weeks ago.
22 posted on 08/21/2003 3:27:07 PM PDT by Mike Fieschko

To: HAL9000
I ran stinger - so far, it looks like my box is clean, but two others on the network were infected.
23 posted on 08/21/2003 3:28:03 PM PDT by Chancellor Palpatine ("what if the hokey pokey is really what its all about?" - Jean Paul Sartre)

