/-------------------- advertisement -----------------------\
Explore more of Starbucks at Starbucks.com.
http://www.starbucks.com/default.asp?ci=1015
\----------------------------------------------------------/
Old Virus Has a New Trick: Mailing Itself in Quantity
August 20, 2003
By JOHN SCHWARTZ
If the e-mail message offers "details," "That movie" or
"Wicked screensaver," don't open the attachment. (And why
are you still opening unsolicited attachments, anyway?
Don't you ever learn?)
One of the most common rogue computer programs on the
Internet made a virulent reappearance yesterday. The virus,
known by security companies as SoBig.F, spread rapidly by
e-mail messages across computer networks.
MessageLabs, an e-mail security company that described the
virus in an alert yesterday, said it was "spreading very
vigorously." Other virus experts were more blunt.
"It's shooting off like a rocket," said Ken Dunham,
malicious code intelligence manager for iDefense Inc. in
Reston, Va. The flood of e-mail does not necessarily mean
that especially large numbers of machines are infected, he
said. This bug is simply more efficient than previous
programs at sending itself around. The mail program that
the virus uses is "multithreaded," which allows it to send
out many copies at once.
But the creator of the program appears to have gone a step
further, Mr. Dunham said, using computers that were taken
over by previous versions of the SoBig virus to mass-mail
copies of the program, as spammers do.
Like many other mass-mailing viruses, SoBig comes with its
own mail program that trolls through the victim's address
book, stored Web pages and other files, picking up e-mail
addresses. It then sends itself to every address it finds,
and often disguises the sender's true identity by
substituting an address from the victim's machine. Once the
program has infected a machine, it will download a Trojan
horse program that could allow an attacker to take over the
target PC.
The new SoBig comes during a busy time in the malicious
software world. Computer users have had to deal with
onslaughts from several new programs lately, including the
Blaster worm and another called Nachi or Welchia, which has
been marauding through corporate computer networks. Like
most rogue programs, this latest virus affects computers
running versions of Microsoft operating systems.
With SoBig, many computer users whose machines become
infected often bring the problem upon themselves by trying
to open the attachment that comes with the e-mail message.
It might be called "your details," "thankyou" or other
names, but almost always ends in the file extension ".pif"
or ".scr."
Infection can be prevented by deleting suspect e-mail
messages without clicking on the attachments, virus experts
said yesterday, but "once somebody lets that one part in,
it will quite happily propagate itself" throughout a
network, said Vincent Weafer, senior director of Symantec
Security Response. The program is blocked by recent
versions of most antivirus programs.
Like other variants of SoBig, the program was written to
stop spreading on a certain date, in this case Sept. 10.
Computer virus experts suggest that the program's creator
is releasing each version for a limited time in a process
of testing, tinkering and improvement.
http://www.nytimes.com/2003/08/20/technology/20VIRU.html?ex=1062496151&ei=1&en=56e226ea40ccedfd
---------------------------------
Get Home Delivery of The New York Times Newspaper. Imagine
reading The New York Times any time & anywhere you like!
Leisurely catch up on events & expand your horizons. Enjoy
now for 50% off Home Delivery! Click here:
http://www.nytimes.com/ads/nytcirc/index.html
HOW TO ADVERTISE
---------------------------------
For information on advertising in e-mail newsletters
or other creative advertising opportunities with The
New York Times on the Web, please contact
[EMAIL PROTECTED] or visit our online media
kit at http://www.nytimes.com/adinfo
For general information about NYTimes.com, write to
[EMAIL PROTECTED]
Copyright 2003 The New York Times Company
MSN 8: Get 6 months for $9.95/month. -------------------------------------------- This service is hosted on the Infocom network http://www.infocom.co.ug
