Editorial: SOBIG.F Virus - Where did all the real-mail go?

By Jason Butterfield

Like most other days, you came into work on Thursday morning, sat down at your computer, then opened your email. Sounds like a normal morning, but then you see that you have over 500 messages in your inbox or waiting to download. If you communicate over the Internet, as most of us do, you may have found that your inbox was filled with emails from the latest and most virulent virus to hit the Internet: Sobig.F (I can think of a few words for the “F”). To top it off, this is the second virus to make its rounds right on the heels of a similar virus, the Blaster Worm. Adding insult to injury, a third virus made its way around claiming to be a program that fixes and secures your computer against the Blaster Worm – Just wonderful!

So what did you do? Like many Internet users, you likely spent the next hour or so hitting the delete button, scanning your system and fretting just a little – do I have it? If you did have the virus, you’re not the only one that was affected. According to MSNBC, one in 17 e-mails sent since Monday has been infected by the virus, and this has slowed the Internet to a crawl.

Scanning through the emails for legitimate business correspondence, you will likely notice that you have received an email message from a friend or colleague and it has one of the signature subject lines such as “Thank you,” “Re: Details” or “Re: approved.” You immediately think, “They must be infected; I need to notify them pronto.” Before you do, let’s look at how these viruses, such as Blaster and Sobig.F, propagate.

No one was really immune (okay, even the Macintosh user population has to admit that they may have received a few of the e-mails and experienced the slowdown, but the virus was targeted at Windows-based computers). Even large organizations were affected, such as CSX, which shut down its train signaling system covering 23 states east of the Mississippi. Up in Canada, a strain of the Blaster Worm brought down the Air Canada check-in systems on Tuesday.

These viruses are a new breed and essentially had e-mail software built into them. In the past, worm viruses relied on existing software packages such as Microsoft’s Outlook and attacked specific security flaws in these applications. The Sobig virus spreads when a computer user opens an infected file attachment. After the file is opened, Sobig scans the computer for e-mail addresses in Word documents, Internet temporary files and e-mail inboxes. Designed like mass-mailing spam programs, it then sends scores of messages to the addresses it has collected. Many of the email messages going out from an infected computer will have forged names or e-mail addresses. All of this adds to the total confusion, further increasing e-mail traffic and grinding the Internet to a slow crawl.

With that said, it’s easy to understand how your friend’s or colleague’s email ended up in your inbox with a virus attachment. It is important to understand and keep in mind that they may not be infected with the virus and their e-mail address just happens to be in the wrong place at the right time – or is that right place, wrong time.
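To make the point about forged senders concrete, here is an added example (not part of the original editorial) that flags messages carrying the signature subject lines plus an attachment, then groups them by the connecting IP in the topmost `Received` header instead of by the `From` line. It assumes the topmost `Received` header was stamped by your own mail server; every host, IP and address below is constructed.

```python
import re
from collections import defaultdict
from email import message_from_string

# Subject lines the editorial names as Sobig.F signatures.
SIGNATURE_SUBJECTS = {"thank you", "re: details", "re: approved"}

def is_suspect(msg):
    """True when the subject is a signature subject and an attachment is present."""
    subject = (msg.get("Subject") or "").strip().rstrip("!.,").lower()
    has_attachment = any(part.get_filename() for part in msg.walk())
    return subject in SIGNATURE_SUBJECTS and has_attachment

def connecting_ip(msg):
    """IP in the topmost Received header (assumption: stamped by our own server)."""
    received = msg.get_all("Received") or []
    match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0]) if received else None
    return match.group(1) if match else "unknown"

def group_by_source(raw_messages):
    """Map each connecting IP to the set of From addresses it claimed."""
    sources = defaultdict(set)
    for raw in raw_messages:
        msg = message_from_string(raw)
        if is_suspect(msg):
            sources[connecting_ip(msg)].add(msg.get("From"))
    return dict(sources)

def _sample(sender, subject, ip, attachment=None):
    """Build a constructed message; hosts, IPs and addresses are made up."""
    head = (f"Received: from host.example ([{ip}]) by mx.example.org\n"
            f"From: {sender}\nTo: you@example.org\nSubject: {subject}\n")
    if attachment is None:
        return head + "\nSee you at lunch.\n"
    return (head + 'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b"\n\n'
            "--b\nContent-Type: text/plain\n\nPlease see the attached file.\n"
            "--b\nContent-Type: application/octet-stream\n"
            f'Content-Disposition: attachment; filename="{attachment}"\n\n'
            "placeholder\n--b--\n")

SAMPLES = [  # constructed inbox
    _sample("friend@example.com", "Re: Details", "192.0.2.10", "attachment.bin"),
    _sample("colleague@example.net", "Thank you!", "192.0.2.10", "attachment.bin"),
    _sample("boss@example.org", "Re: approved", "198.51.100.7", "attachment.bin"),
    _sample("friend@example.com", "Lunch?", "203.0.113.5"),
]

if __name__ == "__main__":
    print(group_by_source(SAMPLES))
```

In the constructed inbox, two different "senders" trace back to one connecting IP, which is why the name on the `From` line is not evidence that your friend's machine is infected.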

If you are relatively low key on the Internet, that is, you don’t have your e-mail address on your corporate website, don’t e-mail anyone or receive e-mails, then you may not have even noticed this latest virus pot-hole on the Information Highway.

If you did notice it, and are interested in more information on the virus, here are a few links and references to elevate or alleviate your fears.

Microsoft warns of critical IE flaws (http://www.msnbc.com/news/955496.asp?0sl=-11)

Specific actions for Blaster worm (http://www.microsoft.com/security/incident/blast.asp)

For those interested in aspects of the Worm or want more information, send me an e-mail -- just kidding. Actually, visit the link below:

Microsoft’s Security & Privacy FAQ (http://www.microsoft.com/security/incident/blast_faq.asp)
