Infection rates for the Sobig mass-mailing e-mail virus have
matched the Lovebug, the most prolific computer virus to strike so
far, it emerged on Wednesday evening (20 August).
The outbreak, which comes hot on the heels of the Blaster worm,
has left some businesses struggling with overloaded networks and
disrupted e-mail communications.
Antivirus specialist Messagelabs said the problem was likely to
get worse before it got better.
"We think there will be a peak on Monday and Tuesday when people
get back from holiday and find the virus waiting in their inbox,"
said Alex Shipp, senior antivirus technologist.
The virus first appeared on Monday (18 August) but did not gain
critical mass until between 9am and 10am on Tuesday morning when
infection rates began to increase exponentially.
According to Messagelabs, the first virus signatures were not
released until 10.30am, too late to prevent infection in many
organisations.
Once it has taken hold in a machine, the virus visits a series
of websites and downloads a trojan, which provides the virus writer
with remote access to the machine.
Most of the trojans are programmed to send out spam e-mail,
advertising sleazy websites and products such as Viagra,
Messagelabs said.
There have also been unconfirmed reports of trojans programmed
to steal passwords, said Clearswift.
Six variant versions of the Sobig virus have been released over
the course of the year, prompting speculation that the author may
be testing the effectiveness of different virus writing
techniques.
"This guy has been doing it a while now. He makes small changes
each time and this time he has hit the jackpot," said Shipp.
Although the virus can be easily detected by antivirus systems,
the volume of infected e-mails meant that in some cases business
networks were slowing down.
"If you are a company and you are right up to your network
limits you could be struggling," said Shipp.
Sophos estimated on Wednesday that hundreds of thousands of
computers had been infected by the virus around the world.
The firm advised struggling companies to install
simple filters to intercept the virus before it reached the
antivirus defences.
The current version of Sobig is programmed to expire on 10
September. Anti-virus firms are warning computer users to expect
another variant of the virus shortly afterwards.