Computer viruses run wild
"Wicked screensaver, Thank you! Approved, that movie, details, your
details…"
If the above is the subject matter of an email you are receiving, be wary,
especially if it comes with an attachment of between 70 and 100kb. It could be a
worm. This variant of the Sobig worm, Sobig.F is running rampant across the
world in a two week period which some are now beginning to call the worst
computer virus period ever.
On August 11 the Blaster or Lovsan worm was introduced into the wild
spreading like wildfire and spectacularly affected hundreds of thousands of
computers. This worm targeted computers with Windows 2000 and Windows XP
operating systems. The programmers of the virus even left a hidden message:
"I just want to say LOVE YOU SAN!! billy gates why do you make this
possible ? Stop making money and fix your software!!
Symptoms of the virus was the frequent rebooting of infected Pc's, but its
big payload was to be for Microsoft itself - it attempted to knock the Windows
update site offline. Infected computers were to send packets of information
several time per second to this Microsoft site which would perform a
"Denial - of -Service" attack. Microsoft however had this under
control for the August 16th activation date.
Following hot on the heels of Lovsan or Blaster was Welchi. Some could view
Welchi as an anti-virus-virus. Welchi exploited the same vulnerability used by
Lovsan. What Welchi was programmed to do was to remove the Lovsan infection and
install the Microsoft patch for the vulnerability. Welchi only infected systems
running Windows XP. While it may seem like a good virus, experts say that Welchi
is not perfect and would create additional problems. The worm also had an
expiration date and would uninstall itself after January 1 2004. Simply
resetting the date on an infected computer to 2004 and rebooting deleted the
virus.
But the long week was not over. Sobig.F started spreading with reports coming
in of recipients receiving up to 100 of these infected emails in under 24 hours.
According to F-Secure corporation, close to 100 million infected e-mails were
seen in the Internet since this attack started on August 18. And it is not a
simple matter to assume that the PC of the sender of the email is infected,
because it probably did not come from them. What the virus does is it
"spoofs" the sender adress, taking email addresses from the infected
computers inbox and placing that address in the from field. It then sends it out
to other addresses also on the infected computer. Experts are now waiting to see
what happens next as it seems that Sobig.F may have more up its sleeve.
So, the message is: take care. Protect your PC and keep the virus protection
packages updated. Its rough out there in cyberspace!
|
