Sunday poses latest SoBig threat

By Gus Bode

SAN FRANCISCO (KRT) – One wave passed Friday without exacting substantial damage on the world’s computers, but the next threat from SoBig was right around the corner: The virus was set to strike yet again at 3 p.m. Sunday.

As of 3:20 p.m., there were no clear indications of whether a fresh virus attack was under way or doing any damage. Representatives of security firms Symantec, Network Associates and Keynote Systems were unreachable by telephone.

Friday afternoon’s expected second major wave of e-mail-borne attacks from the fast-spreading SoBig.f virus was foiled, according to network security analysts. But technology experts and computer-security analysts spent little time celebrating that apparent victory, instead hastening to note that another attempted strike was on tap for the weekend.

Internet service providers, at the coaxing of international authorities, appeared to have found a magic bullet Friday in shutting down 20 Internet addresses that attackers planned to use as a launching pad, said Craig Schmugar, a Network Associates virus research engineer.

“Just before the attack, five of the 20 addresses were still responding, and none of them are right now,” Schmugar said in a Friday interview with CBS MarketWatch. He said authorities still don’t know who is behind the SoBig virus, which has sent millions of infected messages across the Internet this week.

Keynote Systems, a provider of network performance-management and testing services, reported no unusual problems on the major Internet backbones in the U.S., the Asia-Pacific region or Europe.

Researchers said it’s possible the attack could resume, if one of the Internet addresses were to be reactivated. It appears that one of the 20 addresses might have briefly come back on, said Mark Sunner, chief technology officer of MessageLabs, a New York-based e-mail security software maker, although he said he had no evidence that damage had been done.

“We’re still intercepting SoBig messages,” Sunner said late Friday. “But unless these machines come back online, we’re pretty much over it now.” He said about one in 48 e-mails sent is infected with the virus, down from one in 17 when

Just before Friday’s attack deadline, the FBI and other authorities scrambled to turn off all the computers that were set to launch malicious software code to systems that are already infected with the SoBig virus. SoBig earlier this week became one of the fastest-spreading e-mail bugs ever.

At the time, security researchers didn’t know what type of software program the attackers planned to spread.

“We don’t know what the net effect will be, since we don’t know what this Trojan is going to try to download – it could be any number of things,” said Dan Ingevaldson, engineering manager at security software-maker Internet Security Systems (ISSX), minutes before the virus was set to spread Friday.

He said that the program could have tried to clog e-mail systems with spam messages, or possibly open up back doors into computers to steal files and peek at ostensibly private information.

Researchers discovered late Thursday and early Friday that SoBig was hiding software code that could launch a second, hidden attack. The programmer or group who designed the virus used techniques that made it difficult to find out how it works, Ingevaldson said.
