Friday, August 23, 2003 Front Page: Business Section Los Angeles Times Computers Bearing Virus Orders Isolated FBI, security experts zero in on the source of the malicious program that has triggered widespread problems. The FBI and private computer security experts shut down most of the computers that were supposed to give new instructions to a quick-spreading e-mail virus Friday as authorities homed in on its creator. As many as 19 of the 20 computers had been knocked offline by noon PDT, when hundreds of thousands of personal computers infected by the SoBig.F virus tried to contact them, according to anti-virus firm Symantec Corp., one of several companies that has been assisting the FBI, the Department of Homeland Security and other authorities. The infected PCs were seeking directions to other computers, where they could have downloaded new and potentially malicious software. One of the 20 computers that was still online gave the inquiring PCs the Web address for a pornography site, which was not believed capable of delivering any malicious code, said Steve Trilling, senior director of Symantec Research. Experts said the virus writer probably was using the address http://www.sex.com as a place holder and planned to post a more dangerous Internet address Sunday or later. The virus has programmed the infected PCs to check in for additional information every Friday and Sunday through Sept. 7. The experts analyzing the virus were able to decode the numeric Internet addresses for all 20 of the computers, known as servers, as well as the networks they were operating on. They could not glean the physical location or the identity of their owners, however. On another front, the FBI made significant progress in its hunt for the author of the SoBig virus, zeroing on in an Internet service provider in Phoenix. "It looks like the original variant was posted through us" Monday afternoon, said Michael Minor, chief technology officer of Easynews Inc. FBI spokesman Paul Bresson said the agency was "aggressively investigating." Two versions of the virus were initially disguised as porn images that were posted to several Internet communities known as newsgroups, Minor said. Whoever downloaded those pictures were probably the first to have their computers infected. In complying with a subpoena from the FBI's Los Angeles field office, Minor said, Easynews turned over the Internet location of the person who posted the program, along with the credit card the person used to open an account minutes before posting the virus. But Minor said he believed the odds of the FBI getting its man were slim, given that the credit card probably was stolen and the computer the person used was unlikely to be his own. "We haven't seen any mistakes so far from this guy," Minor said. Meanwhile, SoBig continued to spread around the world Friday, scouring infected machines for e-mail addresses and sending itself to others. Recipients infect their computers when they try to open innocuous-looking attachments. Even those who delete the attachments have been inundated with as many as a thousand e-mails a day as the messages generated by the virus bounce around the Net. SoBig prompted the shutdown of the U.S. passport agency's computers Thursday and Friday, employees said. Other federal offices had "sporadic problems," said Department of Homeland Security spokeswoman Rachel Sunbarger. Some companies had to disable their e-mail for hours. Among the firms hurt by SoBig's spread were Starbucks Corp., FedEx Corp. and New York Times Co. The damage could have been far worse. Security experts feared SoBig would update itself — with aid from the 20 master computers — and turn into a generator of junk e-mail, a platform for attacking major Web sites or a program for stealing confidential information. But since security companies were able to decode the identities of the master computers, "we haven't seen anything crazy," Symantec's Trilling said. Some of the 20 computers were disabled just hours before the trigger time at noon Friday. The 20th server controlled by the hacker is connected by a cable modem provided by one of the major U.S. Internet services and is probably in a private home, said Bo Sorensen, a vice president at F-Secure Corp., which helped analyze the virus. Once contacted by the FBI, the networks shut down 19 of the servers. In the case of the 20th, the cable provider might not have been able to pinpoint the right computer, Sorensen said. It also is possible that federal agents left the last computer alone in case the hacker tries to return to it. "It would seem like a decent way of catching the guy," Sorensen said. Although SoBig appears to be fizzling, the outlook for the future is not good. The virus is set to expire on Sept. 10, but a new, more powerful version could be released Sept. 11. Even if that doesn't occur, some experts said they expected a new virus combining the quickness of SoBig with the destructive power of the recent Blaster worm to surface eventually. "If you take both of those viruses and combine them, then you have something above and beyond a nuisance," Ernst & Young security expert Jose Granado said. "The more people do it, the better they get." Friday, August 23, 2003 Los Angeles Times Worm strikes city, corporate computers Some systems have been able to keep the virus out of their networks, while others have not GLENDALE — Battling spam e-mail has reached a new level for city and corporate computer networks in Glendale as technicians worked feverishly to fend off a new virus, the Sobig.f worm. The worm, reportedly the fastest and most widely distributed computer virus to date, is written to affect computers using Microsoft Windows 2000 or XP operating systems through e-mail. Out of billions of e-mails sent every day across the globe, one out of every 17 e-mails sent this week was reportedly infected with Sobig.f. The worm apparently does not maliciously destroy or steal data from the computers it affects, but the sheer number of e-mails it is sending throughout the Internet could affect use, administrators say. "I wonder how bad it's going to get here," said Scott Harmon, Glendale's assistant director of information services. "Are [virus writers] just going to flood the world? If it takes over mail, then that's just as good as shutting [the Internet] down." The city has managed to keep damages from Sobig.f down to a minimum, with about 15 machines affected, Harmon said. About 110 machines out of the city's network of 1,600 computers needed the patch, which repairs the weakness in the software and removes the virus. "In looking at all the other companies, we've been doing pretty good," Harmon said. "Some companies have been laid flat." DreamWorks SKG computers were hit a little harder by the worm, bringing down their network for a short time, company spokeswoman Susan Bennett said. "We were crippled a short time," she said Friday. "Thank God, we have outstanding [information technology] people who were off and running today." Of about 1,000 computers at Glendale Adventist Medical Center, 400 machines needed a patch to clear out the worm and protect it against further attack, said Sharon Correa, Glendale Adventist's director of information technology. Her staff began to see a surge of e-mails infected with Sobig.f on Tuesday night and have worked around the clock since then to attend to each computer, Correa said. Despite some Internet service disruptions, she said her staff had the problem under control. "We have never been in a position where patient care was compromised because of the virus, though, thank God," Correa said. Home users, who do not have a staff of IT administrators to watch over their computers, are most susceptible to Sobig.f. Home users should keep their virus software and operating systems updated as frequently as possible, experts said |
|
|
|
|
|
There is one Universe.
It is perpetual, in equilibrium;
and, a manifestation of the
Unified Concept; thus;
. . . the Fundamental Postulate.
also,
are a single discipline, Philogic,
which proclaims perpetuity
and the nexus of Life; such is
. . . Conceptualism.
This symbol indicates:
not complete, or more information needed . . .
please E-mail
your information, corrections, documents, photos,
inquiries, or any other needs to:
Brunardot@Brunardot.com
Return to Top of Page
Brunardot.com website
Dedicated to Giordano Bruno, Leonardo da Vinci.
Leonardo da Pisa, Arturo Meniot, & Denis Diderot
Terms of: © Copyright 1999-2017 by Brunardot
CONCEPTUAL Applications
Family of Informational Websites
Emphasizing Philogic, a discipline that overarches
Science, Theology, and Philosophy (STP)Website Design by: CONCEPTUAL Applications
a division of: WebComm21
030822 7:07 pm