- SAN FRANCISCO (Reuters) -- Computer security experts thwarted an attack by computer worm Sobig.F
on Friday just as the FBI subpoenaed an Arizona Internet service provider
in order to trace the fast-spreading virus experts believe was first posted
on an adult-oriented Web site.
-
- One expert said the Sobig.F e-mail virus was disguised
so that anyone who clicked on a link purporting to show a sexually graphic
picture became infected with the self-replicating worm, which then spread
itself to other e-mail addresses.
-
- "Sobig.F was first posted to a porn Usenet group,"
said Jimmy Kuo, research fellow at anti-virus software maker Network Associates
Inc. Usenet is a popular forum on the Internet where computer users with
similar interests post and read messages.
-
- So far, as many as 100,000 computers have been infected
with Sobig.F, which in turn has spewed "millions upon millions of
infected e-mails" to other Internet users, Kuo added.
-
- Sobig.F spreads when unsuspecting computer users open
file attachments in e-mails that contain such familiar headings as "Thank
You!," "Re: Details" or "Re: That Movie."
-
- Once the file is opened, Sobig.F resends itself to e-mail
addresses from the infected computer and signs the e-mail using a random
name and address from the computer's address book.
-
- Since Monday, computer users from Korea to Norway have
struggled to fend off attacks that have crippled corporate e-mail networks
and have filled home users' inboxes with a glut of messages, before fanning
out to find more victims.
-
- Consulting firm Booz Allen Hamilton, Air Canada and transport
company CSX Corp. are among hundreds of companies that have suffered network
attacks from recent viruses.
-
- ATTACKS, SHUTDOWNS, NEW THREATS
-
- Employees at the New York Times headquarters in midtown
Manhattan were asked to shut down their computers, but a spokesman declined
to comment on the cause of the shutdown.
-
- "We will not speculate on the cause, effect or scope
of the problem ... We plan to get the paper out tomorrow."
-
- Sobig.F was written to expire on Sept. 10, but experts
said they expect another version to follow. This is the sixth version of
the portentously named virus since it first appeared in January.
-
- The worm has been clogging e-mail inboxes with a hidden
command directing infected PCs to make contact with one of 20 vulnerable
computers at 12:00 PT California time every Friday and Sunday until it
expires, said Steve Trilling, chief researcher at anti-virus vendor Symantec
Corp.
-
- Government and industry security experts raced against
the clock on Friday to take offline 19 of the 20 home computers, thwarting
an attack before the 12 noon deadline, said Mikko Hypponen, anti-virus
research manager at F-Secure of Finland.
-
- The computers were located in the United States, Canada
and South Korea, he said. The remaining master computer, which was in the
United States, was taken down shortly after the deadline, experts said.
-
- Experts had worried that the timed attack would slow
down Internet traffic and possibly set in motion a new set of commands
to launch new attacks. However, they cautioned that it was too early to
tell whether the threat of Sobig.F had ended. The next expected attack
could spur new problems, they said.
-
- Internet service provider Easynews.com of Phoenix, Arizona
said it had been contacted by investigators by telephone on Thursday and
the company was issued a subpoena on Friday.
-
- "It looks like the original variant was posted through
us to Usenet on the 18th (of August)," Michael Minor, the Internet
service provider's chief technology officer, told Reuters.
-
- An FBI spokesman said the organization was working with
the U.S. Department of Homeland Security to investigate who was behind
the e-mail attacks. He declined to comment further. (Additional reporting
by Eric Auchard, Kenneth Li and Derek Caney in New York, Tim McLaughlin
in Boston, Jim Christie and Andrea Orr in San Francisco and Bernhard Warner
in London)
-
- Copyright © 2003 Reuters Limited. All rights reserved.
Republication or redistribution of Reuters content is expressly prohibited
without the prior written consent of Reuters. Reuters shall not be liable
for any errors or delays in the content, or for any actions taken in reliance
thereon.
-
- http://news.reuters.com/newsArticle.jhtml?type=technologyNews&storyID=3324806