In what software insiders have already dubbed the worst virus week ever, computer users have been deluged with infected operating systems and e-mail. And like someone scratching an irritating mosquito bite, computer users are wondering how long this rash of attacks will last.

The latest infection to spread through the Internet this week – in the wake of a malicious attack against users of the latest Microsoft Corp. operating systems – is known as the SoBig.F worm, or Sobig worm.

Declared the “fastest e-mail outbreak ever” by one Internet security company, the worm clutters inboxes with infected e-mail, using subject headings like “Your details,” “Your application,” “Thank you!” and “Wicked screensaver.”

Once the attachment is opened, the worm replicates the e-mail and, every 10 minutes, sends it off to other users from the infected computer’s address book. The worm does not delete files from the computer, but turns it into a spamming machine, slowing down systems and networks.

At Chicago’s Preon Power Inc., an electrical engineering firm, Dova Juzenas said she has received about 20 such e-mails a day this week. And that’s what filtered into her inbox after the anti-virus software caught most of the other SoBig.F e-mails.

“It’s just annoying because it holds up the e-mail you usually receive,” said the sales assistant.

Like most Internet attacks, the SoBig.F worm – so far – has been more a nuisance than destructive.

“Sheer destructiveness rarely seems to be the goal. It’s on a prankster level, not necessarily malice,” said Mike Scher, director of labs at Chicago computer security consultant Neohapsis.

“Most of the folks underground are too knowledgeable to be destructive. They do it to prove ‘Just because I can.’”

Another common trait is a vendetta against Windows operating systems. Since more than eight of 10 home and office computers operate on the Windows operating system, the popular software is ripe for repeated attacks.

“There are some people in the underground who are interested in the breadth they can reach,” Scher said. “They’re thumbing their noses at Microsoft.”

Another worm known as “Nachi” emerged Monday and knocked Air Canada’s reservation system offline, causing delays to several flights.

And Central Command, an anti-virus service provider, warned Thursday of a possible cyberattack to coincide with the second anniversary of Sept. 11, 2001.

The Cleveland company said the SoBig worm has a pattern of releasing new variants after the existing version deactivates. The worm has the potential to download components of the attacker’s choice onto the infected computer. The current SoBig.F worm is programmed to deactivate on Sept. 10, and the company warns infected computers may be “awaiting instructions” for a digital assault by SoBig.G, the worm’s next incarnation, on or near Sept. 11.

The downloaded components may include a backdoor hacker program, which could allow someone to gain control of that computer.

“A potential risk is that the massive army created by (the SoBig worm) could be used to launch an all-out attack on large Internet infrastructures,” said Steven Sundermeier, a Central Command vice president, in a statement.

Though the SoBig.F worm has been the most visible of recent e-mail hijackings, Scher said many more worms quietly propagate through the back door, letting attackers create an invisible network of machines that could be centrally controlled by an individual.

“Anybody in possession of an unknown hole, they have carte blanche to the system. So it’s unlikely they will turn it into a loud and noisy worm, and risk losing access to it.”

The easiest solution to avoid the SoBig worm is to delete suspicious e-mail. Scher suggests keeping up with the latest versions of anti-virus software programs and downloading the most up-to-date patches.

On Thursday, Microsoft released a patch on its Web site for two critical vulnerabilities in its Internet Explorer Web browser.

“It’s important not to treat this as fear, uncertainty or doubt,” Scher said.

Having an anti-virus program does not necessarily mean you’re safe from a computer attack if you don’t have the latest updates. When anti-virus software checks incoming e-mails for infection, it partially opens the file to examine it. By then, your computer may already be infected.

– – –

(c) 2003, Chicago Tribune.

Visit the Chicago Tribune on the Internet at http://www.chicago.tribune.com/

Distributed by Knight Ridder/Tribune Information Services.

AP-NY-08-21-03 2002EDT

