Sobig Virus Spread is Fastest Ever; Nachi Worm Continues

Dow Jones Newswires | Riva Richmond

[HAL9000]

NEW YORK (AP)—A virus that debuted this week has been declared the fastest spreading e-mail plague of all time, while another malicious program that hit last week continued to disrupt computers worldwide.

MessageLabs Inc., a company that filters e-mail for corporate clients around the world, Wednesday said it had intercepted more than a million copies of the "Sobig.F" virus the previous day, the most it has ever intercepted in a single day. That was one in every 17 e-mail messages the firm scanned.

"That's just a number we've never seen before," said Brian Czarny, MessageLabs' marketing director. The most widespread virus of all time, "Klez," at its peak accounted for one in 125 messages scanned.

Sobig.F continued to spread aggressively on Wednesday, though the pace eased off a bit to about one in 60 messages, he said.

The virus, which is the sixth and latest strain of a virus that first emerged in January, spreads through Windows PCs via e-mail and corporate networks. Besides clogging e-mail systems with messages carrying subject lines like "Re: Details" and "Re: Wicked screensaver," the virus also deposits a Trojan horse, or hacker back door, that can be used to turn victims' PCs into relayers of spam e-mail.

"It's a seeding," Czarny said. "All they're looking to do is plant that Trojan."

Another virus, of the self-spreading kind called a "worm," first appeared last week and was still causing problems Wednesday. The worm, dubbed "Blaster," spreads through Internet connections to PCs using versions of Microsoft Corp.'s Windows operating system that haven't been fixed for a programming flaw. Microsoft disclosed the error, and provided a patch, on July 16.

Blaster was followed this week by the derivative "Nachi" or "Welchia," which attempts to inoculate computers by downloading the patch from Microsoft. However, the new worm is causing more problems than Blaster, and brought down Air Canada's ticketing systems Tuesday.

Railway giant CSX Corp. said a "worm virus" brought down its signaling systems early Wednesday morning, causing delays and canceled trains through the Eastern states.

Andy Ellis, chief security architect at Web services company Akamai Technologies Inc. said "Nachi" may not be more widespread than Blaster, but it is technically superior and is now generating twice as much Internet traffic as Blaster.

A lot of companies have been reporting problems inside their networks, he said, and there have been "a couple of points where parts of the backbone had performance issues" in the last 24 hours.

"Nachi is a long-term problem that has to be dealt with. These systems absolutely have to be patched," Ellis said.

Copyright 2003 Associated Press. All rights reserved.

[HAL9000]

The good news is that a lot of FReepers are getting rid of Microsoft operating systems recently, judging from numerous messages on FR.

[Jalapeno]

I have definitely seen signs today that Sobig spread in a huge way, but the activity seems to be on the wane now, and by next week will be long forgotten.

[Chad Fairbanks]

And yet, once again, I still havn't gotten this virus/worm/trojan, or any other one... and I've used MS Products for years...

Maybe it's not the Operating System that is the problem?

[Jalapeno]

No its the mail program (outlook) and how you expose your email throuhout the Internet..

[Chad Fairbanks]

Well, I use Outlook too.

What I'm waiting for is for Linux to take over as the Big Boy on the Block, and I am going to laugh my butt off when suddenly they become the target of choice for malicious script kiddies... as for the three Mac Users out there, well, they ain't gotta worry ;0)

[Sally'sConcerns]

There's a new patch that I was alerted to late this afternoon from Microsoft. I didn't check to see what it was since I've set my auto-notification to be for critical updates only.

Just thought I'd throw that out where people can check for the update.

[babaloo999]

Yup. I've never received any of these menaces, either.
Heck, I've never even received an email from Nigeria.
Where's the love?

[Cold Heat]

I agree with you. I got one once and bought Norton. I got another one and dumped norton for Avast a couple years ago and have never gotten another.

I upped my security some more by not accepting any mail unless the sender in in my address book.

That seems to solve all the problems.

[Chad Fairbanks]

I havn't gotten teh Nigerian Scam ones either. I feel so slighted.

[js1138]

And yet, once again, I still havn't gotten this virus/worm/trojan, or any other one... and I've used MS Products for years...

I've gotten a couple, but in each case it was due to deliberate neglect against my better judgement.

[js1138]

I upped my security some more by not accepting any mail unless the sender in in my address book.

Every virus I've ever seen at home or at work has come from a trusted source.

[Chad Fairbanks]

Regardless of what operating system I happen to be using at any given time, a simple hardware or software firewall and a little common sense seems to prevent most problems...

I am, right now in what little spare time I have, conceptualizing the Ultimate Virus (well, actually a Worm) that could, in theory, take down the Internet. Having Linux wouldn't help. bwaaaaaaaaaaahahahahahahahahahaaaa

[browardchad]

I am, right now in what little spare time I have, conceptualizing the Ultimate Virus (well, actually a Worm) that could, in theory, take down the Internet.

I don't think it would be that difficult -- I mean, if people are opening e-mails from strangers that say "Wicked Screensaver," or "I love you" they'll open anything.

[tubebender]

The good news is I think I figured out the Eudora Spam filter. The bad news is I'm not getting any eMail now...

[Chad Fairbanks]

LOL... actually, the concept wouldn't necessarily be an email-delivered exploit. Now, as I stated, this is only a concept, and I have no intention of ever doing it.

The concept is, simply, a software EMP against Internet Backbones...

THe questions are - can it be done? and if so, what can be done to defend against it...?

[rockfish59]

'Sobig'

Must originate from a gay porn site!

[mlbford2]

I had to deal with an onslaught of emails today from infected dimwits. Then you get emails from the rest of them asking why your emailing them. I stopped replying. If they can't figure it out then forget em.

[commish]

I have recieved 14 e-mails today with Sobig attached to them .. gotta love Norton Anti-virus

[Chad Fairbanks]

Even as recent as a few years ago, Eudora, Netscape Communicator, and yes, Outlook , had some exploitable functionality in it... Email has been a problem for well over a decade...

[HAL9000]

Maybe it's not the Operating System that is the problem?

It must be a mere coincidence that the only computers that ever get infected are running Windows. And thanks to the SoBig virus, millions of those miserable machines will be used as open relays for spam.

as for the three Mac Users out there, well, they ain't gotta worry ;0)

Mac OS X will be running on 10 million computers this year - virus-free.

[Redleg Duke]

Love your tagline! LOL!

[Chad Fairbanks]

Coincidence? Not really - just more bang for the buck...

Now, Windows, however exploitable, doesn't hold a gun to the heads of people and say "Write something that will exploit this weakness and cause problems for everyone" do they?

[rockfish59]

It happened to me last year. It was sending e mails to Jim Robonson of all people. I'm sure it was some commie jackass here who doesn't like me or him who must have done it.

[Cold Heat]

Every virus I've ever seen at home or at work has come from a trusted source

So true, they do not always come in the spam. Fortunately most all the people in my address book have good protection, or if they don't I let them know.

When I receive a bug from them I notify them and tell them what kind and where the fix is located. Plus any other info I can gather. It happens, but infrequently now.

I screened through my junk filter(quarantined) and found a few today. They never get out of the box.(knock on wood)

[Chad Fairbanks]

Mac OS X will be running on 10 million computers this year - virus-free.

I have to call Bulls**t on that statement - not the numbers, but the 'virus-free' part. There are plenty of Mac Virus' out there - but no one hears much about 'em... and that has to do with numbers - only a certain percentage fo Windows Systems are ever infected. Out of 10 million Mac Users, only a certain percentage would be infected, and that number woul dbe barely a blip on the radar screen. If Macs had the install base that Windows has, we'd hear about them prominently too...

[Jeff F]

'Sobig'

Wow - could this mean all those penis enlargement products really do work!

[battousai]

I never understand how such big companies get hit by this stuff? Air Canada's ticketing system? Who the heck watches their network, new college grads or something?, the RPC bug has only been known for ages before msblast even came out but guess some one didn't patch their servers, and even then blocking tcp 135 on your network perimeter is good practice worm or no worm.

[GUIDO]

I have recieved 14 e-mails today with Sobig attached to them .. gotta love Norton Anti-virus

I have a story to tell. I work for an airline in the reservation center. I was off most of last week but when the virus hit I heard that it had disrupted us some, but only for a short period and we got it under control. In the meantime my home server I believe went down that evening for the same reason, and I wasn't able to get to my email but by the next morning it was ok.

Last night I copied and pasted alot of the posts from freerepublic about the Mel Gibson movie and emailed them to my email @ work so that I could then forward them on to a coworker whose email address I don't have @ home. Well got to work this morning and there must have been more than 25 emails w/ a message that it was intercepted because of infected attachment etc... Some of them on the subject line was THAT MOVIE!! Which baffled me because then does that mean the virus is in freerepublic? I am not computer literate but I was deleting all day today and I feel it seemed to initiate by my forwarding all those posts to my work email.

[js1138]

The hardware firewall at work died over last weekend. I had to bypass it and before I could get ZoneAlarm installed, SQL Server got hit by the slammer worm. Stupid, stupid for not having redundant protection. Fortunately slammer doesn't do any harm and is easy to get rid of.

[Fishrrman]

Chad Fairbanks wrote:
I have to call Bulls**t on that statement - not the numbers, but the 'virus-free' part. There are plenty of Mac Virus' out there - but no one hears much about 'em... and that has to do with numbers - only a certain percentage fo Windows Systems are ever infected. Out of 10 million Mac Users, only a certain percentage would be infected, and that number woul dbe barely a blip on the radar screen

For a point of reference, I'm a Mac user, and have been online since 1987, and connected to the Internet since 1995, DSL broadband for about the last 2 1/2 years.

In that time, I have freely downloaded from all sorts of places on the net and off (remember BBS's?). I'm downloading mp3's _right now_ from a news server that I _think_ is in Europe (don't know _where_ it is, as a matter of fact).

I have _never_ used any "live" virus protection other than a simple Mac extension called "Disinfectant". That is now obsolete and I don't even use that anymore -- I'm essentially running OS 9.2.2 "bare" - no virus protection at all, connected to the Internet 8+ hours daily.

Having said all that, I have never -- repeat NEVER (emphasis intentional) -- had any detectable virus infection on my computer. NOT ONE, in 16 years of being online.

So why the big concern about these things called "viruses", "worms", etc. in the PC world? (laughs)

Cheers!
- John

[Chad Fairbanks]

Wow. Congrats. 16 years online, no virus or other issue. I havn't had any either, and I have been a Windows User primarily (a little Linux on the side, for fun) for about a decade... I don't worry about it - I use a FireWall, and that's about it.

THe problem isn't that Windows is such a bad OS, it's that it's such an easy OS to use that they let just anyone walk into a store and by a PC, and when you get millions of those, things go to heck in a handbasket... Sorta like how the Net was before the WWW... ;0)

[battousai]

sorry but no self respecting hacker would write a virus for a Mac, it means you'd actually have to touch one to code for it.. eww yuck.. and even if you did all your hacker friends would probably laugh at you and not play all their hacker games with you anymore either :)

[Chad Fairbanks]

AppleScript was on the receiving end for a while there, much like VBScript is now... ;0)

[Question_Assumptions]

All of the PC users who claim that "If only Macs and Linux were as popular as Windows..." or "Macs and Linux have viruses but you just don't hear about them." are playing a version of the "everyone does it" game that Democrats use to excuse their bad behavior. What they fail to grasp is that Windows is a problem because of the security assumptions that Microsoft makes with such gems as the preview pane in Outlook that has, in the past, run virus code without even asking. There are plenty of examples from bad ActiveX controls that make it impossible to trust even Microsoft-signed controls to Word processor viruses. It seems that there is no application (email client, browser, word processor, etc.) that Microsoft can't turn into a virus vector and it is all rooted in a profound inability to really understand security in a networked environment.

I'm not running anti-virus software, either, and haven't in a long time. I haven't seen a Mac virus since I was working in a college computer lab (maybe System 7) and I've never seen a Linux virus. They can feel free to fantasize about Mac and Linux viruses that aren't a problem and I'll feel free to chuckle every time one I read a security warning that tells me that Macs and Linux are not affected.

[Question_Assumptions]

That's fine, you can keep the hackers. I'm not out to impress people. I'm out to use a machine that works.

[Chad Fairbanks]

Speaking of playing the Democraps' game - why are you blaming the victim for the actions of malicious law-breaking individuals.

One would think that as a conservative, you'd be placing the responsibility where it lies - with those who break the law... ;0)

[Question_Assumptions]

THe problem isn't that Windows is such a bad OS, it's that it's such an easy OS to use that they let just anyone walk into a store and by a PC, and when you get millions of those, things go to heck in a handbasket... Sorta like how the Net was before the WWW... ;0)

The 'Net before WWW (and eternal September) was actually a much friendlier place. Usenet. FTP. None of that sissy graphics stuff.

The problem with Windows isn't simply popularity. The problem with Windows is that Microsoft seems to make things open until they are proven dangerous rather than making them closed until they are proven safe. And they insist on making it possible to propagate viruses through many of their applications because they can run code that they shouldn't be able to run if safety were Microsoft's primary concern. While a certain number of security mistakes are understandable, Outlook is a veritable virus incubator and things like Word macro viruses have made it impossible to assume that something as simple as a word processing document is safe.

As you pointed out, even AppleScript was a problem. Yes. The ability to easily run scripts that do a lot without user oversight are dangerous. Yet Microsoft puts this sort of capability into most of their products, only removing or curtailing it once it is shown to be a menace.

When Sun first released Java, they made the security so tight that Java was largly useful only as a toy. As time went on, they loosened security to make Java more useful. Microsoft seems to work in the opposite direction. They open things up beyond what is prudent, justified in the name of ease or functionality and then limit things after a problem brings the 'Net to its knees. That's a bad approach no matter how you cut it.

[Chad Fairbanks]

YEah, it was fun... ;0) UseNet was a blast way back when...

Now, as for me, I like when things are 'open' - it can make life easier and provided more possibilities to accomplish things. It's just too bad there are so many malicious people who lack morals out there who want to destroy that...

[Question_Assumptions]

I'm not blaming the victim (which is the consumer). I'm blaming Microsoft for being cavalier with the security of their customer's machines.

If you bought a house and came home one day to find all of your valuables missing because the builder installed doors and locks that could easily be bypassed, would you (A) blame the burglars, (B) blame the builder, or (C) blame the burglars for the actual robbery but consider the builder irresponsible in matter of your security?

[Chad Fairbanks]

The Security of my system is MY responsibility. No one elses. Same with my home :0)

[Question_Assumptions]

YEah, it was fun... ;0) UseNet was a blast way back when... Now, as for me, I like when things are 'open' - it can make life easier and provided more possibilities to accomplish things. It's just too bad there are so many malicious people who lack morals out there who want to destroy that...

Yes, it would be nice if the world worked the way Microsoft seems to envision it -- with trust. And it actually worked to a certain degree before networks, when every machine was an island and viruses had to be spread via disk. But that was then and this is now.

My problem with Microsoft is that it starts from the assumption that things should be open, looking more at the possibilities than the problems. Only after a disaster does it tighten things down. Companies that take security seriously start in the other direction. They make things less open and functional but safe and then open them up.

A friend who runs a Microsoft shop (as a CTO) and is very pro-Microsoft (he owns an XBox, complains about my Macs and Linux, etc.) was complaining about how expensive Sun hardware is. I asked him why he was asking for a quote on Sun hardware. He told me that he needed a Firewall machine for his office and that no one he knows would trust Microsoft for their network security. That's not good. Really.

[Question_Assumptions]

If you enjoy do-it-yourself kits, then by all means use Windows. I'd rather spend my money on a machine and operating system that works without having to constantly fuss with it. I've got better things to do with my time.

Note that I'm not anti-Microsoft when it produces a good product and competes on the basis of quality. Office v.X for Mac OSX is a wonderful product and I have paid for licenses for all of the machines that I have it installed on.

[HAL9000]

There are plenty of Mac Virus' out there - but no one hears much about 'em...

So far, there are no known viruses targeting Mac OS X at all. None. Zero.

Viruses were a problem on the Mac several years ago. The only virus I've ever gotten on a Mac was over 10 years ago. It was the "WDEF" virus, spread via diskettes.

For your reference, here is the Sophos list of viruses and worms that affected the old Mac operating systems. None of them affect Mac OS X.

Of course, someone could email a Windows virus to me, then I could manually forward it to you. So a Mac can transfer a virus without being affected by it.

and that has to do with numbers

I doubt it. Virus writers have designed attacks against far smaller targets than the installed base of Mac OS X users. It's not the numbers that have made Mac OS X more secure, it's the design.

only a certain percentage fo Windows Systems are ever infected.

Probably between zero and one hundred, right?

[Chad Fairbanks]

I hear ya, man... but as I've stated before, a decent firewall and a little common sense goes a long way - I've never been the victim of any of these viruses or worms...

[Chad Fairbanks]

Hmmm... well, since OS X is a flavor of Unix, I wouldn't get too cocky about it ;0)

[boxerblues]

"hat movie" was one of the virus's subject lines, not from FR

[backhoe]

 

http://www.freerepublic.com/focus/f-news/967553/posts

VIRUS DETECTION AND ELIMINATION PROGRAM
McAfee ^

Click here.

This will do it also

Click Here

Go here and get a virus program that catches viruses that even McAfee and Norton miss. Best of all it is FREE. No adware no spyware, nothing. Updates are free too.
Also it NEVER caused connection problems or problems with my OE like McAfee and Norton.

http://www.grisoft.com/us/us_dwnl_free.php

Spybot Search and Destroy is excellent for spybots and covering user tracks. It's free, visit: http://security.kolla.de

Agnitum has a free firewall version of Outpost: http://www.agnitum.com/download/outpost1.html

Swat It! is a good trojan getter, visit: http://www.swatit.org

 

[MarkL]

sorry but no self respecting hacker would write a virus for a Mac, it means you'd actually have to touch one to code for it.. eww yuck.. and even if you did all your hacker friends would probably laugh at you and not play all their hacker games with you anymore either :)

If you check the archives, you'll find that Apple is the only computer manufacturer that actually shipped quite a few computers, pre-infected by a virus from the factory! Before that, I would tell my students that the only "secure" computer was one that was still in the sealed box, never having been turned on. Apple changed that statement.

Mark

[Rifleman]

The script kiddies are in for a lot of work in that case. Any OS can be had, given enough skilled work, but the Rosie Roundheels of the operating system world is just easier than Patty Purepants.

[Tribune7]

I understand that Mac OS X is more susceptible to virus than OS 9 and <.