Got like about 30 emails with FG tag, this is why

Sobig fastest e-mail infection ever
MSNBC News Services


A computer virus that circulated across the Internet this week, hard on the heels of another nasty online infection, is the fastest e-mail outbreak ever, an antivirus company said. The Sobig.F virus, which continued to spread like wildfire Thursday, has been blamed for computer disruptions at businesses, colleges and other institutions worldwide.

MESSAGELABS, which scans e-mail for viruses, said that within 24 hours it had scanned more than 1 million copies of this latest variant of the Sobig virus.
"It's unprecedented in our history. ... It's a pretty frightening statistic. And the next incarnation could be even worse," said MessageLabs' chief information analyst Paul Wood.

Sobig.F is the fifth version of the virus, which has been including an expiration date with each variant. The prior version expired last month; Sobig.F is set to expire Sept. 10.

Sobig does not physically damage computers, files or critical data, but it ties up computer and networking resources. One in 17 e-mails sent around the world since Monday had been affected by Sobig, Wood said, with some fearing the virus could increase global e-mail traffic by as much as 60 percent, slowing the Internet to a crawl.

HOW IT SPREADS
One reason is that the e-mail messages by which the virus spreads are forged to appear to come from genuine Internet users. Many antivirus systems then send an automatic alert back to the Internet user, telling them they are infected. Users whose e-mail addresses have been thus forged can then receive hundreds of these virus alerts, adding to Internet traffic jams.

MessageLabs chief technology officer Mark Sunner also said the virus was helped along because it essentially had e-mail software built in. Previous ones relied on existing software packages like Microsoft's Outlook and did not spread as quickly among users of rival e-mail software.

Antivirus experts think the author may be using the worm to construct an elaborate network of hijacked computers that can be used to send spam.

The SoBig virus spreads when unsuspecting computer users open file attachments in e-mails that contain such familiar headings as "Thank you," "Re: Details" or "Re: approved."

Once the file is opened, SoBig scours the computer for e-mail addresses, checking in Word documents, Internet logs and e-mail inboxes. Designed like mass-mailing spam programs, it then sends scores of messages to the addresses it has collected.

PREVIOUS RECORD

Before Sobig.F, the previous record for an e-mail infection was "Klez," with about 250,000 copies spotted during its first 24 hours earlier this year, Sunner said. There have been faster outbreaks on the Internet, but those circulated through networking functions built into Windows operating systems.

The "Slammer" worm struck more than 75,000 computers in just 10 minutes in January, with the number of infected computers doubling every 8.5 seconds, according to researchers at the University of California and other institutions. It went on to infect hundreds of thousands more. E-mail viruses like Sobig can hit the same computer multiple times, so the number of infections are not directly comparable.

NETWORKS SLAMMED
Removing all that extra e-mail takes time and resources. The University of Wisconsin-Madison, for example, had to shut down outside access to its e-mail system Wednesday.

"We were removing 30,000 bad e-mails an hour," said **** Savoy, an information security officer at the school.

In India's high-tech city of Bangalore, dozens of cybercafes shut down and home computers blacked out. Some cafes were hit because their service provider was affected, but others got the virus in machines using Windows operating systems.

The owner of one of the Internet's most popular e-mail lists, technologist David Farber, was livid about Sobig.

"I got 1300 junk e-mails 'delivered' this AM," he said in a message to subscribers Thursday. "Find the person and put him/her in jail."

SEPARATE WORM STILL DAMAGING
Meanwhile, the fallout of the "MSBlast" or "Blaster" worm continued. The outbreak began 10 days ago with the so-called "Blaster" or "LovSan" worm which, by some estimates, infected more than 500,000 computers running the latest version of Microsoft Windows, the world's dominant operating system.

This week, the "Welchia" or "Nachi" worm surfaced. It masquerades as a benign program that attempts to fortify computers against infection from Blaster.

But it packs a punch. It clogs computer networks, slowing Internet connections and even knocking systems offline. Nachia's victims include the European engineering firm ABB, Air Canada and the U.S. Navy and Marine Corps.

Thursday, experts were again urging computer users to shore up their machines with anti-virus software and to delete suspicious-looking e-mails, hoping that preventive medicine would stop this wave before the next round.

"This has gone to a whole new level. To have this sort of barrage coming at you is a nightmare for an IT technician who has to take care of a corporate network," said Graham Cluley, senior technical consultant for security firm Sophos Anti-Virus.






The Associated Press and Reuters contributed to this report.