The Fastest Virus of All (Yet!!!)
Firms crippled by fast email virus
By Robert Uhlig, Technology Correspondent
(Filed: 21/08/2003)
Thousands of corporate email systems around the world were crippled yesterday by one of the fastest spreading computer viruses, Sobig.F, replicating at the rate of more than one million copies a day.
Sobig.F looks likely to overtake its close relatives Sobig.A and Sobig.B, already two of the biggest email viruses yet, and could become the most widely spread virus of all.
If so, it could cause hundreds of millions of pounds of damage in lost working time and business disruption.
A report published today estimates that the next major attack on Britain will cost business ฃ2.1 billion and that 2.2 million office days will be lost in downtime.
The report by the National Criminal Intelligence Service says that more than 70 per cent of businesses experienced a virus attack in the last year and few updated protective software and hardware.
Yesterday, Sobig.F had been spotted in at least 134 countries, bringing many email networks to a standstill and causing chaos for users around the world. The BBC received thousands of emails containing the virus.
In America, it brought email systems at the Massachusetts Institute of Technology to a standstill.
The situation was made worse by a second virus, called Welchia or Nachi, which disrupted ticketing systems at Air Canada, forcing the airline to cancel and delay flights, and at Lockheed Martin, the American aircraft and missile manufacturer.
Welchia needed to infect only one PC on a network to spread like wildfire, infiltrating every other machine.
It then tried to download a patch from Microsoft designed to make PCs safe from attack by viruses such as Welchia or Blaster, which attacked email systems last week.
In some companies where Welchia had infected thousands of PCs, the almost simultaneous demand by each PC trying to download the Microsoft patch immediately caused the entire network to collapse. Sobg.F was just as damaging. MessageLabs, an antivirus company, said it intercepted 100,000 copies in the first few hours of the attack. Since Tuesday, it has stopped more than 370,000 copies of the virus.
Sobig.F appeared programmed to address lists on the computers it infected to send out email copies of itself to more computers.
Anyone who suspects they may have an email with the virus was urged yesterday not to double-click on the attachment. If they do, the advice is to download the latest anti-virus software.
Alex Shipp, MessageLabs" senior anti-virus specialist, said: "The rate the Sobig virus is spreading is on par with the previous Lovebug virus, which was detected in one in every 28 emails we monitored."
The virus can be identified as coming from one of nine email addresses and including an attachment whose filename ends in "pif".
Infected emails also appear to have one of nine subject lines: "Re: details", "Re: approved, "Re: my details", "Re: Thankyou!", "Re: That movie", "Re: wicked screensaver", "Re: your application", "Your details", "Thankyou!"
Posted by : Phoenix , Date : 2003-08-21 , Time : 21:58:26 , From IP : 172.29.3.205
|