LOS ANGELES -- One of the fastest-spreading e-mail viruses ever is threatening to discombobulate computers around the world today, when hundreds of thousands of infected PCs could be commandeered to send spam, delete data or inflict other unpleasantness.
The virus, dubbed SoBig.F, has programmed the computers it has infected to automatically download potentially malicious instructions from a machine thought to be controlled by the person who wrote the virus, computer security experts said.
So far, SoBig has done little if any permanent damage. But it has caused plenty of aggravation by filling e-mail in-boxes and clogging networks, even at companies whose employees know better than to open e-mail attachments they didn't request. SoBig spreads through attachments, just as the Melissa and ILoveYou viruses did in the past. It is the third widespread infection of computer networks this month.
Unlike its predecessors, SoBig has become more sophisticated in successive versions since its discovery in January. It is one of the first to install a "back door" to allow additional manipulation by hackers.
"Traditionally, viruses only propagated copies of themselves," said John R. Levine, author of "The Internet for Dummies." "It's a fairly recent development -- over the past few months -- that we're seeing viruses that leave a trap door so bad guys can come in later and install more hostile software."
Computer security experts scrambled Thursday to analyze SoBig so they could stop the hacker's designated server computer from giving new instructions to infected personal computers. The PCs are scheduled to rendezvous with the server today. Another contact is supposed to take place Sunday.
By analyzing the virus, the experts know the server's numeric Internet address but not its physical location or the identity of its owner. As a result, it was not clear whether law enforcement officials would be able to tap into or interfere with the communication between infected PCs and the server computer. A spokesman for the Department of Homeland Security said only that officials were monitoring the spread of the virus.
SoBig -- presumably named for the effect it was designed to have on computer networks -- is triggered when a user tries to open the attachment, allowing the program to write itself into the start-up sequence of a machine running one of many editions of Microsoft Corp.'s Windows operating system.
The virus seeks out e-mail addresses stored on the PC and selects some of them to be its next targets. The virus also picks out addresses to use as fake return addresses. That way, when messages are undeliverable, they bounce back to innocent parties and clog up their in-boxes too.
Just one infection at a big company can prompt thousands of outgoing messages, only one of which must be opened for the infection rate to hold steady. SoBig ranks among the fastest-spreading viruses to date, though previous viruses have infected far more computers.
Internet users were flooded this week with infected e-mails generated by SoBig. EarthLink Inc., one of the biggest providers of residential Internet access, said Thursday that it was deleting hundreds of infected messages a second.
The attack arrived as companies were struggling to contain the effects of earlier viruses and worms. CSX Corp., the railroad giant, said the Blaster worm infected its signaling and dispatching systems early Wednesday morning. All of CSX's rail service was halted for two hours, and morning commuter service in Washington was canceled.
http://www.sunspot.net/technology/bal-virus0822,0,77109,print.story?coll=bal-home-headlines