Monday, August 19, 2003

Los Angeles Times
New Computer Virus Clogs E-Mail Inboxes

From Associated Press/Dow Jones

NEW YORK -- A new strain of one of the most virulent e-mail viruses ever spread quickly worldwide this morning, causing fresh annoyance to users worn out by last week's outbreak of the Blaster worm.

The new virus, named "Sobig.F" by computer security companies, attacks Windows users via e-mail and file-sharing networks. It also deposits a Trojan horse, or hacker back door, that can be used to turn victims' PCs into senders of spam e-mail.

MessageLabs Inc., a company that filters e-mail for corporations, had blocked more than 100,000 copies of Sobig.F by midday, making it by far the most active virus of the day.

"It's definitely spreading very quickly, just an incredible ramp-up so far this morning," said Brian Czarny, marketing director at MessageLabs. The variant is likely to be one of the more successful versions of a very successful virus strain, he said.

The previous Sobig.A and Sobig.B variants are both on MessageLabs' list of the biggest 10 e-mail viruses of all time.

The e-mail message that carries Sobig.F has the subject line "Re: Details" and the message "Please see attached file for details." If a recipient clicks on the attachment, which can have multiple names ending in the .pif file extension, the computer will be infected.

The virus will then send itself out to names found in the victim's address book and will use one of these names to forge a return address. As such, the infected party may not quickly learn of the infection, while an innocent party may get the blame for helping to propagate it.

Like all the other Sobig viruses, this version is programmed to self-destruct after two weeks, in this case on Sept. 10.

The Blaster worm is still at large. It uses a published flaw in Microsoft's Windows operating systems to spread via network connections, without using e-mail. It slowed down the Internet and caused computer restarts worldwide, but the attack it was programmed to carry out against a Microsoft Web site on Saturday proved harmless.



Monday, August 19, 2003

Los Angeles Times
'Good' PC Worm Tries to Make Bad One Squirm

By Joseph Menn, Times Staff Writer

Call it the Battle of the Internet Worms.

As the Blaster worm on Monday began its second week infecting computers, a variant emerged that exploits the same software vulnerability to invade PCs running Microsoft Corp.'s Windows operating system.

But instead of causing mischief, the new worm tries to disinfect machines carrying Blaster and then plug the hole that let both worms through.

In a final act of selflessness, the worm is programmed to delete itself Jan. 1.

The author of the vigilante worm — known by various names, including Nachi — is anonymous.

"There's a little bit of good Samaritan in them," said virus researcher Craig Schmugar of Network Associates Inc., one of several virus-fighting companies that warned of the noble worm after its discovery early Monday.

Those warnings were issued because any worm, no matter how well intentioned, spreads without authorization into private networks. And Nachi can harm some machines.

A company in Japan, where Nachi was spreading quickly, reported that its network crashed when many of its personal computers got the fix-it worm and tried to download Microsoft's Blaster patch simultaneously.

Nachi works only on machines running English, Chinese and Korean versions of Windows. And it tries to download patches only for Windows 2000 and Windows XP, said Joe Hartmann, director of North American anti-virus research at Trend Micro Inc.

Finally, Windows 2000 computers can utilize the patch only if an earlier update has been installed. The worm doesn't seem to know that, Hartmann said.

"It wanted to be a good worm" but fell short, he said.

Although Blaster's spread is slowing, it still is moving faster than Nachi and less good-natured variants, including one that installs a "back door" for future access by hackers.

All take advantage of a security hole discovered a month ago and publicized by Microsoft.

The malicious worms, designed to spread automatically, can trigger constant rebooting, giving users little time to fix infected machines. Blaster was designed to launch a coordinated attack on a Microsoft Web site, but it failed to disrupt much of the Internet because Microsoft disabled the target page.

As with earlier "good" worms that sought to stop Code Red and other Internet infections, Nachi may spur debate about whether an automatic inoculation is the best answer for the failure of many computer users to install fixes when new problems are discovered.

But security experts said the risks of such efforts were still too great. "There could be unwanted side effects," Schmugar said.

Microsoft has been under fire for security lapses, but spokesman Sean Sundwall said it had nothing to do with Nachi.


Tuesday, August 20, 2003

Los Angeles Times
E-Mail Worm Strikes Corporate PCs
Net service providers, others work to block Sobig.F. Another invader hits Air Canada

From Times Wire Services

AOL Time Warner Inc., Verizon Communications Inc. and Starbucks Corp. were among the companies scrambling Tuesday to block a new mass e-mail worm dubbed Sobig.F from wrecking their networks.

The worm, which appeared to be spreading rapidly, attempts to download files from the Internet and potentially can leave computers vulnerable to further attack. It is at least the fourth major new Internet worm to hit computers worldwide in the last week.

The worm spreads through computer systems via e-mail and comes with a variety of subject lines including "Your details," "Thank you!," "Your application" and "Wicked screensaver."

Sobig.F is a variant of an earlier worm and was first noticed Monday. Variants have been circulating since January.

Sobig.F is occurring even as computer operators are trying to fix damage caused by Blaster, a worm that exploited a weakness in Microsoft Corp.'s Windows software and infected 1.4 million systems last week.

Another worm, called Code Red, infected 359,000 systems in less than 14 hours one day in 2001.

Air Canada went through a check-in nightmare Tuesday after yet another computer worm infected its reservations systems, prompting the airline to warn its passengers of delays and cancellations. The worm, dubbed White Hat, hit as the airline still was reeling from a worldwide shutdown of its operations Friday after the massive power blackout in Ontario and the U.S. Northeast.

As for the Sobig.F worm, it has sent out millions of e-mails around the world and is particularly affecting home users, said Jimmy Kuo, a security fellow at security software company Network Associates Inc. of Santa Clara, Calif.

AOL, operator of the world's largest Internet service provider, has been automatically scanning and blocking infected e-mails, said Nicholas Graham, a company spokesman. He said the worm hasn't slowed AOL's network.

Verizon was no different.

"Our filters have seen it and have been functionally removing it from incoming e-mails," said Mark Marchand, a Verizon spokesman. He said the worm had a "minimal" effect on the company's computer network.

Starbucks "had a few incidents" related to the worm, said Audrey Lincoff, the director of media relations at Seattle-based Starbucks. She declined to be more specific.

Even companies that weren't hit by Sobig.F, such as Bethesda, Md.-based Lockheed Martin Corp., the world's largest defense contractor, decided to take precautions.

Lockheed on Monday shut down its so-called virtual private network, the dial-up connection by which employees can get secure access to Lockheed's computer network from remote locations, for about 12 hours, said spokeswoman Elaine Hinsdale.

Bloomberg News was used in compiling this report.

 
