The SoBig virus propagates through e-mail, and takes the form of
a mass e-mailing from an infected machine. The virus is contained
in a .pif or .scr file attached to the e-mail. But too many users
open these attachments.
The e-mails generated by the virus use the signatures of
legitimate addresses in an infected computer's address book, making
it difficult for recipients to tell whether the e-mail is genuine
or not. The subject lines of the e-mail are fairly easy to spot
though – such as Re: Approved, Re: Thank you! and Re: Your
application.
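
A mail-gateway check built from the two indicators described above, the .pif/.scr attachment types and the listed subject lines, as an added example that is not part of the original article. The function names and the sample message builder are constructed for illustration; the sender is deliberately not checked, because the worm uses legitimate addresses there.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Indicators named in the article; both sets are meant to be extended locally.
BLOCKED_EXTENSIONS = {".pif", ".scr"}
KNOWN_SUBJECTS = {"re: approved", "re: thank you!", "re: your application"}


def inspect_message(raw_bytes):
    """Return the reasons to quarantine a raw message (empty list = none)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    # Collapse whitespace and case so folded or re-cased subjects still match.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in KNOWN_SUBJECTS:
        reasons.append("subject:" + subject)
    for part in msg.walk():
        # get_filename() decodes RFC 2231 / RFC 2047 encoded names.
        name = part.get_filename()
        if not name:
            continue
        # Only the last extension decides how Windows runs the file,
        # so "photo.jpg.scr" is judged as .scr, not .jpg.
        cleaned = name.strip().rstrip(". ").lower()
        if os.path.splitext(cleaned)[1] in BLOCKED_EXTENSIONS:
            reasons.append("attachment:" + cleaned)
    return reasons


def build_sample(subject, filename):
    """Constructed test message (assumed names), not a captured sample."""
    m = EmailMessage()
    m["From"] = "colleague@example.com"  # forged senders look like this
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Please see the attached file for details.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, fname in [("Re: Approved", "details.pif"),
                        ("Quarterly report", "report.pdf")]:
        print(subj, fname, inspect_message(build_sample(subj, fname)))
```
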
The virus was released on Monday through a pornography
newsgroup. According to Reuters, the virus was contained in a
pornographic picture. It infected machines as soon as the picture
had been opened. The virus then began to replicate itself through
e-mail.
Events took a twist on Thursday, however, when experts realised
that hidden within the worm was an instruction for all infected
computers to contact twenty specified internet addresses between 7
pm and 10 pm on Friday – to obtain further instructions.
The fear was that the worm would be ordered to use all infected
machines to launch denial of service attacks, where servers are so
overloaded by requests that they cannot function.
ISPs raced against time to identify the twenty computers that
would be issuing attack instructions. By 7 pm on Friday they had
managed to shut down at least seventeen of the twenty computers,
stopping the attack.
The virus was instructed to repeat the process on Sunday, but
with the computers off-line, the threat did not materialise.
The FBI has also become involved, issuing a subpoena to ISP
Easynews.com. The ISP's chief technology officer, Michael Minor,
told Reuters, "It looks like the original variant was posted
through us to Usenet on the 18th [August]".
The FBI is looking to trace the origin of the worm through
Easynews.com.
Experts predict that it is only a matter of time before the next
version of the virus is released, although not until after the
expiry date of SoBig.F, on 10th September. Graham Cluley, senior
technology consultant at Sophos Anti-Virus, told Reuters, "We would
expect to see the next one some time after September 10th, not
necessarily on September 11th, but within the ensuing weeks."