SoBig.F worm a speed demon

Already dubbed the worst virus week ever by software insiders, the week of Aug. 10 saw computer users deluged with infected operating systems and e-mail. And like someone scratching an irritating mosquito bite, computer users are wondering how long this rash of attacks will last.

The latest infection to spread through the Internet, in the wake of a malicious attack against users of the latest Microsoft Corp. operating systems, is known as the SoBig.F worm.


Declared the "fastest e-mail outbreak ever" by one Internet security company, the worm clutters inboxes with infected e-mail, using subject headings such as "Your details," "Your application" and "Thank you!"

Once the attachment is opened, the worm replicates the e-mail and, every 10 minutes, sends it off to other users from the infected computer's address book. The worm does not delete files from the computer but turns it into a spamming machine, slowing down systems and networks.


At Chicago's Preon Power Inc., an electrical engineering firm, Dova Juzenas said she received about 20 such e-mails two weeks ago. And that's what filtered into her inbox after the anti-virus software caught most of the other SoBig.F e-mails.

"It's just annoying because it holds up the e-mail you usually receive," said the sales assistant.

Like most Internet attacks, the SoBig.F worm has been more annoying than destructive.

"Sheer destructiveness rarely seems to be the goal. It's on a prankster level, not necessarily malice," said Mike Scher, director of labs at Chicago computer security consultant Neohapsis. "Most of the folks underground are too knowledgeable to be destructive. They do it to prove 'Just because I can.'"

Another common trait is a vendetta against Windows operating systems. Since more than eight of 10 home and office computers operate on the Windows operating system, the software is ripe for repeated attacks.

Another worm known as "Nachi" emerged two weeks ago and knocked Air Canada's reservation system off line, causing delays to several flights. And Central Command, an anti-virus service provider, warned Aug. 21 of a possible cyber attack to coincide with the second anniversary of Sept. 11, 2001.

The Cleveland company said the SoBig worm has a pattern of releasing new variants after the existing version deactivates. The worm has the potential to download components of the attacker's choice onto the infected computer. The current SoBig.F worm is programmed to deactivate Sept. 10, and the company warns that infected computers might be "awaiting instructions" for a digital assault by SoBig.G, the worm's next incarnation, on or about Sept. 11.

The downloaded components might include a backdoor hacker program, which could enable someone to gain control of that computer.


"A potential risk is that the massive army created by [the SoBig worm] could be used to launch an all-out attack on large Internet infrastructures," said Steven Sundermeier, a Central Command vice president, in a statement.

The Chicago Tribune is a Tribune Publishing newspaper.