Computer worm virus traced to source in B.C.
Peter Morton, Washington Bureau Chief
National Post, with files from Bloomberg News
Saturday, August 23, 2003
WASHINGTON - The FBI and U.S. Homeland Security investigators appeared last night to have largely shut down a computer virus attack that may have originated with a computer in British Columbia.
Worried the so-called "Sobig" worm may have been programmed to attack key computer networks yesterday afternoon, U.S. and Canadian officials managed to shut down 19 of the 20 computers thought to have been targeted.
The latest version of Sobig, called Sobig.F, was apparently disguised as a pornographic picture which, when opened, attached itself to e-mail address books. It would have begun sending millions of junk e-mails, causing havoc on corporate and home computer systems.
Sobig has infected networks of FedEx Corp., Starbucks Corp. and AOL Time Warner Inc., and the states of New Jersey, Pennsylvania and North Carolina. The New York Times Co. said computers at its offices in New York City "experienced difficulties" shortly after noon yesterday. The company would not say for certain Sobig was the cause.
Investigators suspect the latest and extremely sophisticated version of Sobig may have been launched unwittingly from a B.C. home computer that had been taken over by the virus.
It was traced through an Internet provider in Phoenix, which, according to reports, is co-operating with police after being served with a grand jury subpoena.
The FBI would not confirm details last night of the investigation, except to say it was doing what was necessary to find out how the virus operates and who sent it. "The FBI will use all the necessary means allowed by law to determine the author of this virus and bring him or her to justice," said Bill Murray, of the FBI's cyber division.
Sources said the person who unleashed the latest version of Sobig used the Phoenix-based Easynews.com account, apparently paid for with a stolen credit card and established minutes before the virus was released on the Internet on Monday.
The account appears to have been established from a computer in British Columbia that belongs to an unwitting home user, whose computer seems to be infected by a previous version of the virus.
U.S. and Canadian law enforcement officials, working with the computer security community yesterday, were successful in shutting down 19 out of the 20 computers that were to deliver further instructions to other Sobig-infected computers.
Sobig.F has become one of the most widespread viruses on record, choking corporate e-mail networks and jamming many home users' inboxes with as many as 100 million e-mails.
It will try to do the same thing every Friday and Sunday until it expires on Sept. 10, Stephen Trilling, senior director at Symantec Security Response, said on a conference call.
pmorton@nationalpost.com © Copyright 2003 National Post