Sobig.F is Fastest Spreading Virus Yet, August Becoming Epic Month for Worms



Several security companies said that the Sobig.F mass-mailing worm is the fastest-spreading virus yet, with an infection rate that has exceeded the initial letter of job-seekers, like, Anna Kournikova and other notorious malware.

At the same time, security vendors are noting the epic nature of August. With Sobig.F, Blaster/Lovsan, Welchia/Nachi and other worms hitting the Internet in rapid succession, the month is drawing many comparisons to the summer of 2001, when Code Red, Nimda and SirCam struck.

"[Sobig.F] is the number one virus of all time, the spread of mass mailing e-mail viruses," Steven Sundermeier, vice president of the anti-virus company Central Command, said of the worm's first 24 hours. Only Klez has infected more machines, according to Kaspersky Lab, and that virus has been doing its work since October 2001.

"Yesterday marked an unprecedented new level in virus propagation, showing more and more capability of virus writers to disrupt business around the world," Mark Sunner, the technical director at MessageLabs, said in a statement.

Anti-virus software vendors differ in their views of the seriousness of Sobig.F, which leaves a Trojan horse on the infected machine that an attacker could use to take any action with the machine, from stealing personal financial information to using the system as a proxy for future malicious code.

The vendors also agreed that the e-mail traffic generated by Sobig.F is high, but that the worm's use of a traditional infection method, trying to lure users into opening an e-mail attachment, makes it relatively easy for administrators to protect against and for moderately advanced users to ignore.

Symantec, for example, raised its alert level for Sobig.F from 2 to 3, but rated Welchia/Nachi as a more serious 4 on its five-point scale. Trend Micro also assigned Sobig.F only a medium rating. F-Secure Corporation, on the other hand, gave the worm a "first-level alert," its most serious rating. McAfee hedged its bets, rating it a high risk for home users and a medium risk for corporate users.

Some observers are exploring the possibility that Sobig.F spread so vigorously because of the way the worm was originally seeded: by leveraging proxy networks used by spammers. In a note on its Web site, Kaspersky Lab officials wrote, "It may well be that the author used spammer technologies to produce a large number of malicious e-mail attacks to customers around the world."

Central Command's Sundermeier explained how such an approach would affect the initial infection. "Another author may only issue [the virus] to 500 or 1,000 addresses. Sobig, in fact, sprayed hundreds of thousands of users. With a growing number of users clearly in the shooting, there were more opportunities for it to mushroom and balloon. We see this massive initial explosion with Trojans, but they are not self-replicating. Sobig.F is the first example of a successful mass-mailing worm to do this." Sundermeier raised the possibility that virus writers and spammers are taking advantage of each other's work, in which case spammers have started using a hidden network of proxies that machines infected with Sobig.F may become.

In any case, few people believe that the rapid success of Sobig.F is an isolated incident. Since the first Sobig worm came out in January, successive versions have been progressively more successful in their growth, according to the laboratory. An expiration date is included in each version, including Sobig.F (September 10), which all but guarantees that the virus author will continue to fine-tune the code.

At the same time, Sobig is just one of several major worms that appeared this month. "2001 still stays in history as the worst virus year, but it has already begun to get as bad. Within a week, we have seen several major virus outbreaks, and there are some completely new technologies in the viruses," said Mikko Hypponen, director of anti-virus research at F-Secure.

The trail of worms in August includes Blaster/Lovsan, which began to spread on August 11 using a vulnerability that Microsoft patched in mid-July; Welchia/Nachi, a worm that uses the same vulnerability and attempts to remove Blaster/Lovsan and apply the Microsoft patch; a variant of the Blaster worm that uses the executable mspatch.exe instead of msblast.exe; Sobig.F; and Duma, which appears to have emerged Tuesday and attempts to take advantage of the Sobig.F problems. Its message claims to come from support@microsoft.com and delivers an executable attachment that infects machines. Microsoft never e-mails patches as attachments.
