Net virus set for 9/11 blitz

The Sun UK ^ | August 23, 2003 | JONATHAN WEINBERG

[Pan_Yans Wife]

THE computer virus wreaking havoc across the Internet is set to destroy itself on September 10 — but not before spawning a DEADLIER new strain, experts believe.

That could be timed to create meltdown on September 11, shaking the world again on the anniversary of the terror blitz.

Yesterday, experts estimated that the Sobig.F email virus had caused £30million damage to businesses and home computers since Monday — with another wave of attacks due at around 7pm last night.

Billions of bogus messages are flooding through cyberspace, crashing email systems and bringing down business networks across the world.

The Sobig virus — first identified in January — is now in its sixth strain.

Jack Clark, of virus-busting firm McAfee, said: “It seems to be getting a lot cleverer. Even if it ends on September 10, it won’t be the last we’ve heard of it.

“A new version could rear its ugly head as early as the next day.

“You just can’t stop this sort of thing happening — even if everyone in the world installs a fix.”

The virus spreads when someone clicks open an attachment in an email headed “Thank You”, “Re: Details” or “Re: App-roved”. The attachments end with the letters “pif”.

Once open, it searches the computer for other email addresses and bombards them too.

Machines are left vulnerable to hackers who can access credit card numbers and bank details.

Yesterday, an instruction was found hidden in the virus that experts believed could make infected PCs bombard 20 specific world targets at 7pm.

That could seize up the Internet, making travel bookings and on-line sales impossible.

The time trigger is set to be activated again at the same time tomorrow.

Carole Theriault, a consultant at Sophos Anti-Virus, said: “The problem is we don’t know what that programme is.

“It could be dangerous and delete files, or just be a stupid message.”

Email traffic has soared 60 per cent in the past few days as Sobig spread to 148 countries. One in 17 messages contains the virus.

[AntiGuv]

Judgment Day??

[anymouse]

ping.

[MEG33]

I never open email from an unknown email address.

[egarvue]

Geez, it gets worse and worse (although I think that part of this is the media fanning the flames of a slow news month). I am so sick of Outlook-based viruses, and stupid people who open up attachements from strangers. My browser = Opera , my mail = PocoMail. Never been touched by an Outlook based virus yet!

[Salvation]

How many of you think the blackout and the trouble with the gasline in Arizona are connected to these virus worms?

[Salvation]

and I think it will eventually be traced to the terrorists!

[BobS]

Gee. The last few days I haven't recieved my quota of penis enlargement emails! I wonder why!

[MEG33]

I will ping you to articles that give some information on what happened.

[Pan_Yans Wife]

I do, and I also think terrorism is the culprit.

It has been EIGHT DAYS, and the government hasn't given a us much indication of what happened. They know what happened completely. Now, they will have their joint task force with Abraham and the corresponding Canadian official, and then will dig into the facts, so everyone can know.

In the meantime, what do you want to bet the gov't is doing everything possible to help the computer industry to shut every back door that seems vulnerable at the moment?

[Pan_Yans Wife]

Neither have I, btw! Why is that???

[Calpernia]

A good site to bookmark and visit (NOT in leu of personal antivirus software)

http://housecall.antivirus.com/

[Calpernia]

Hi MEG, one of the neat tricks mail worms do is also mask the sender.

So you can get an email that APPEARS to be from someone you know; but it really came from an infected computer of someone else.

Worms will randomly take an email address from the infected computer and insert that as the SENDER.

[MEG33]

I just installed Norton.It scanned everything and I am virus free.I did go awhile without critical updates but managed to install everything before the latest scare.I have been reading the update sight recommendations just to be sure.I've noticed FR usually has the news fast and warns us.I got a neat reply one time from a letter to a columnist and didn't open it for two weeks until I figured out who it was!

[gorebegone]

I just delete everything. Works like a champ!

[MEG33]

That ought to solve the problem!

[MEG33]

sight/site

[awaken2spirit]

Looks like this virus is a rather interesting package building upon previous exploits with some interesting new twists. It would seem that it ceases to propagate itself on September 10th. One of its features is to connect to a series of servers and download files from those servers. So in addition to the email congestion it is designed to create while spreading itself, it also serves as a "bootstrap" program as well. This is no doubt designed to be used in conjunction with whatever payload program it is downloading. Since we don't know what is in the "payload" program that it downloads, the payload could be thoroughly nasty. Good chance the payload program is designed to go off on 911. In any event, even if the source of this virus is not terrorist related, it is only a matter of time before one will be circulated which will be. Sad to say, it might be successful as well because they know that a certain percentage of people will always be stupid enough to open the email and attachment.

[Pan_Yans Wife]

I heard today that one of the main dangers when the payload is unloaded is what if it is child pornography, or some such? What if everyone's computers will be infected with illegal material? How do you then get rid of all of it? Do you prosecute everyone on the globe who have illegal material on their harddrives, when they weren't the ones who put it there? Food for thought. One if they are those silly MP3 files that people are being prosecuted for downloading? :)