Posted on 08/23/2003 5:38:47 PM PDT by gitmo
The fastest spreading Internet virus in history, one that experts feared would paralyse the Internet in an attack scheduled for yesterday afternoon, originated on the personal computer of an unwitting user in B.C., authorities said last night.
The "Sobig" worm, which fizzled yesterday when the 'trojan horse'-type program did nothing more than direct users to an Internet porn site, has bombarded computers with almost 100 million junk messages since Tuesday.
The worm ordered infected Windows machines to download a mysterious program yesterday at 3 p.m.
Even at the cusp of the hour, experts remained in the dark as to the purpose of that unknown program.
But rather than erase files, pilfer passwords or create rogue e-mail servers to spread junk messages -- as experts feared -- the virus made an unexpected turn and download an address for an adult Web site.
"There is nothing malicious, just a standard sex site," said Vincent Weaver, security director with Symantec Security Response, an anti-virus software maker.
Still, experts stress there may be other Sobig variants that harbour other more insidious instructions.
Security experts contained the virus by identifying and blocking as many as 19 out of 20 home computers located mainly in Canada and the U.S. that hundreds of thousands of infected PCs were told to contact, said Symantec representatives. The computers were to provide the infected PCs with an address where new and possibly dangerous software could be downloaded.
One of the 20 computers that remained online passed on the porn site address that experts believed to be benign, said Symantec senior director Stephen Trilling. Sobig instructed computers to keep trying to reach the computers every Friday and Sunday until its expiration Sept. 10, Mr. Trilling said.
Meanwhile, the FBI yesterday served a grand jury subpoena on Easynews.com, a Phoenix-based Internet service provider whose network may have been used to disseminate Sobig. The virus is believed to have been released onto Usenet, a kind of Internet bulletin board, by someone with an account at the service provider, according to Michael Minor, the company's co-owner. A stolen credit card number was used to create the account minutes before the virus was unleashed on Monday, Minor said. His company is co-operating with the FBI, he added.
A computer in British Columbia was apparently used to create the account. Experts said the computer belongs to an innocent home user who was hit by a previous version of the virus that allowed the clandestine programmer to seize control of the computer. That makes catching the writer of the virus more difficult, experts said.
The New York Times said computers at its offices in New York City were shut down when they "experienced difficulties" shortly after noon yesterday, but the company wouldn't say for certain that Sobig was the cause but did stress that it would publish today's edition.
The Sobig virus was part of an onslaught of rogue computer programs -- including a form of the Blaster worm which appeared last week -- that have snarled computer networks and disrupted commercial infrastructure over the past two weeks.
Sobig and two other viruses tried to attack the City of Ottawa's 8,000 computer systems yesterday, overwhelming computers and producing customer service interruptions at the city's seven client centres.
The Welchia and Blaster worm viruses, which have been targeting hundreds of thousands of computers around the world, are having the most impact by interrupting the city's services.
The crawlers discreetly use a person's computer to launch Internet-based attacks against other systems or can automatically download massive files, snarling Internet traffic and creating system failures.
System interruptions at the city were first noticed yesterday around 9 a.m. and continued throughout the day, said Michelle Grégoire, manager of the service centres.
"Clients who had bills and tickets with them were able to pay them. We could still do marriage licenses and general employment information," she said. "What we weren't able to do was look up inquiries into the tax system, water system or parking ticket system. We couldn't access that data, so those questions couldn't be answered."
Customers were also unable to access building permits due to system failures, she said.
The city's technical staff said it will likely take most of the weekend to eradicate the viruses, but expect systems will be fully operational by Monday.
I don't think I'd want a jury made up of grad students...
--Boris
I wonder whether SoBig.F will attempt to access the same IPs on the second/third/fourth runs or whether the code is self modifying and it will look for different ones. Also, IIRC, terrorists have been known to communicate through messages hidden in porn images. I don't necessarily see anything comforting in the fact that SoBig.F pointed to a porn site.
No -- but we still have to cope with receiving dozens of copies of these emails on a daily basis. And if you're on a slow dial-up connection, it's a real pain.
Well, you know what they say: every cloud has a silver lining!
Penguins don't get worms.
(Heh, heh, heh, heh...)
Yeah, right. Probably all the writers, editors and higher ups at the Times were using "the e-mail directed me" excuse to view porn sites at work........
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.