'Good' worm, new bug mean double trouble

Alien

A "good" Internet worm and a new malicious mass-mailing computer virus are creating an enormous amount of network traffic, slowing some corporate systems, security experts said Tuesday.

The Internet worm--called MSBlast.D, W32.Welchia or W32/Nachi--started compromising computers Monday and has overwhelmed some corporate networks with its aggressive scans for vulnerable hosts. Meanwhile, a new variant of the mass-mailing Sobig virus, called W32/SoBig.F, took off on Tuesday, swamping many companies' mail servers.

The double whammy caused problems for some corporate networks, but not for the Internet at large, said Jimmy Kuo, a research fellow for security software firm Network Associates.

"This is local clogging as opposed to worldwide Internet clogging," Kuo said. "There are many areas of local pain."

The MSBlast variant, Nachi, infects computers using the same widespread vulnerability in Microsoft Windows that previous versions of the worm exploited. The program then downloads a patch to protect systems against future infections of the MSBlast worm.

While the intentions of the unknown worm writer seem to have been good, its aggressive spread has clogged many networks.

"It's faster," Kuo said. Previous versions of MSBlast tried to spread to 20 different network addresses at a time but had to wait for each attempt to fail if no computer was at that address. The Nachi variant tries to spread to 300 different addresses at a time and doesn't wait, letting it spread very fast.

The latest version of the SoBig mass-mailing computer virus also caused headaches for network administrators. E-mail service provider MessageLabs stopped more than 100,000 messages carrying the latest virus in the first few hours of the attack.

"It is definitely a quick spread," Kuo said.

Rick Stratton, president of Web software company 1871 Media, said the virus hit his business and his clients' Web sites hard, because many sites had public e-mail addresses posted on their pages.

"Before I turned (the transmission of those e-mails) off, I probably got about 200 in an hour," he said. "The Web mail interface can't even process the volume."

The SoBig.F virus spreads by harvesting e-mails from Web pages and from the address book of an infected computer. It sends a copy of itself to the addresses in an e-mail message with subject lines such as "Your Details," "Re: Approved," and "Thank you!" The virus also spreads by copying itself to shared network hard drives that are accessible to the infected computer.

Stratton said he doesn't think his company or his clients were infected with the virus, but the amount of e-mail generated by SoBig.F caused enough of a headache.

"Once I figured it out, I was fine. But I found our customers were getting killed with the number of e-mails created," he said.

Source:
http://msnbc-cnet.com.com/2100-1002_3-5065644.html?part=msnbc-cnet&tag=alert&form=feed&subj=cnetnews
 
This thing has been wreaking havoc in my office all day today. I'm gonna be here until the cows come home trying to fix this up.
It's nice that it removes Blaster, but we never had Blaster, and this thing has reduced our systems' stability to zero.

Bah!
 