Sobig virus infection rate rivals Lovebug virus

Infection rates by Sobig mass-mailing e-mail virus have matched the Lovebug, the most prolific computer virus to strike so far,...

Infection rates by Sobig mass-mailing e-mail virus have matched the Lovebug, the most prolific computer virus to strike so far, it emerged on Wednesday evening (20 August).

The outbreak, which comes hot on the heels of the Blaster worm, has left some businesses struggling with overloaded networks and disrupted e-mail communications.

Antivirus specialist Messagelabs said the problem was likely to get worse before it gets better.

"We think there will be a peak on Monday and Tuesday when people get back from holiday and find the virus waiting in their in box," said Alex Shipp, senior antivirus technologist.

The virus first appeared on Monday (18 August) but did not gain critical mass until between 9am and 10am on Tuesday morning when infection rates began to increase exponentially.

According to Messagelabs, the first virus signatures were not released until 10.30am, too late to prevent infection in many organisations.

Once it has taken hold in a machine, the virus visits a series of websites and downloads a trojan, which provides the virus writer with remote access to the machine.

Most of the trojans are programmed to send out spam e-mail, advertising sleazy websites and products such as viagra, Messagelabs said.

There have also been unconfirmed reports of trojans programmed to steal passwords, said Clearswift.

Six variant versions of the Sobig virus have been released over the course of the year, prompting speculation that the author may be testing the effectiveness of different virus writing techniques.

"This guy has been doing it a while now. He makes small changes each time and this time he has hit the jackpot," said Shipp.

Although the virus can be easily detected by antivirus systems, the volume of infected e-mails meant that in some cases business networks were slowing down.

"If you are a company and you are right up to your network limits you could be struggling," said Shipp.

Sophos estimated on Wednesday that hundreds of thousands of computers had been infected by the virus around the world.

The firm advised companies that were struggling, to install simple filters to intercept the virus before it reached the antivirus defences.

The current version of Sobig is programmed to expire on 10 September. Anti-virus firms are warning computer users to expect another variant of the virus shortly afterwards.

Read more on Antivirus, firewall and IDS products