It’s called the Sobig.F worm and so far the latest computer virus is living up to its name. It has spread faster than any previous piece of malicious software.
At one point last month e-mails carrying the virus accounted for around five per cent of the messages sent over the internet, enough to delay traffic and block the mail boxes of unwary users. Even Logistics Europe’s own production schedule was interrupted while the magazine’s internet service provider updated its systems.
The virus seems to be part of an audacious attempt to set up a hidden network involving millions of computers that will allow people who want to send unsolicited junk mail (spam) to evade efforts to block their activities. According to virus hunters, the aim of Sobig is to load hidden software onto infected computers so that they form a secret network for distributing spam.
‘Thank you’ very much
Sobig exploits security flaws in Microsoft software. It arrives in a file attached to an e-mail with an innocuous message such as ‘Thank You’. If a user opens the file, the virus installs itself and reproduces by selecting e-mail addresses held on the infected machine. The virus is also programmed to download software that enables its designers to hack into the computer later.
At one time security experts were racing to locate and turn off 22 computers that were due to pass on the location of the hidden software to infected machines so that they could download it. In the event, mass download was averted.
‘This is likely a financial endeavour for the author alone or perhaps in concert with a gang of criminals supporting themselves through spamming, identity theft and bank fraud,’ says Joe Stewart of security firm LURHQ Corporation.
‘Unfortunately, it seems that more and more worms are being created to support other types of electronic criminal activity, so they have added incentive to continue to plague the internet.’
The impact on the supply chain of Sobig and the many other virus outbreaks that have plagued the internet is difficult to assess. However, an earlier virus outbreak was estimated to have cost business globally some €7 billion in lost work time and in cleaning up infected systems. The current outbreak, the latest in a series of Sobig attacks, is likely to carry a similarly large price tag.
Although home users have borne the brunt of Sobig’s onslaught, few systems are immune from software like this. Virus attacks not only affect office systems used for e-mail, but can also enter closed company networks and overwhelm them with spurious e-mail traffic.
Key systems controlling bank teller machines and other critical applications have been put out of action by earlier outbreaks. With an increasing number of systems using internet protocols, all systems are at risk from the network jamming caused by viruses.
Sobig has already stopped signalling systems on the Amtrak rail network in the US. Earlier this year Microsoft’s own systems were invaded by a virus despite the company’s efforts to improve security.
The increasing use of wireless networks, particularly for logistics operations, is likely to provide more opportunities for virus writers. Handheld devices that use cut-down versions of the software found on desktop systems and are connected to wide area networks are also at risk.
The most effective way of stopping viruses is to make sure that users who receive e-mails from dubious sources don’t open the attached files – not always easy given the way the messages are presented.
IT departments have been scrambling to secure systems against viruses by putting in software patches that close off loopholes in their systems. It is a thankless task and not always successful, as virus writers make their code smaller and faster-spreading. Anti-virus measures are often seen as expensive and likely to hamper company plans to extend networking, for example, to enable employees to work at home more or to forge closer links with business partners.
Although a predicted meltdown caused by Sobig failed to materialise at the end of last month, computer specialists are bracing themselves for more outbreaks. Stand by your monitors – the next version of Sobig is due to hit.