
With Blaster's Aftershocks Not Yet Settled, Sobig Follows Close Behind

UPDATE: Sobig Virus Spread Is Fastest Ever; Nachi Continues

The "Sobig.F" computer virus that began attacking e-mail systems globally Tuesday has been declared the fastest spreading e-mail virus of all time. Meanwhile, the Blaster and Nachi Internet worms continued to bombard corporate networks and even caused slowdowns on parts of the Internet backbone.

"People throw up their hands," says Andy Ellis, chief security architect at Akamai Technologies Inc. (AKAM). "There's only so many things people can focus on at one time."

MessageLabs Inc., a company that filters e-mail for corporate clients around the world, said it intercepted more than a million copies of the Sobig.F virus Tuesday, the most it has ever intercepted in a single day. That was one in every 17 e-mail messages the firm scanned.

"That's just a number we've never seen before," said Brian Czarny, MessageLabs' marketing director. The most widespread virus of all time, Klez, at its peak accounted for one in 125 messages scanned.

Sobig.F continued to spread aggressively on Wednesday, though the pace eased off a bit to about one in 60 messages, he said.

AOL Time Warner Inc.'s (AOL) America Online unit said it blocked 13 million virus-carrying e-mails between Tuesday morning and Wednesday morning, 11.5 million of which were copies of Sobig.F. During the period, it scanned 31 million messages with attachments, triple the normal load. America Online has been automatically blocking e-mail viruses from reaching member accounts since April as part of a partnership with Network Associates Inc. (NET).

The virus, which is the sixth and latest strain of a virus that first emerged in January, spreads through Windows PCs via e-mail and network file-share systems. Besides clogging e-mail systems full of messages with subjects like "Re: Details" and "Re: Wicked screensaver," the virus also deposits a Trojan horse, or hacker back door, that can be used to turn victims' PCs into spam machines.

"It's a seeding," Czarny said. "All they're looking to do is plant that Trojan."

While the Sobig.F virus can overwhelm e-mail servers and deleting all those messages can consume users' time, Akamai's Ellis said, "I think Nachi's really going to be the one that hurts us from the volume perspective - us being the Internet."

The Nachi worm, which first appeared last week, spreads through Internet connections to PCs using versions of Microsoft Corp.'s (MSFT) Windows operating system that hadn't been fixed for a programming flaw. Microsoft disclosed the error, and provided a patch to fix it, on July 16. Nachi appears to have been created to fight off Blaster, which also exploited the flaw, because it tries to remove Blaster from PCs and download Microsoft's patch.

In response to the Blaster outbreak, which caused disruptions for hundreds of thousands of computers last week, Microsoft launched a "Protect Your PC" campaign on Tuesday. The company bought ads in several newspapers and set up a Web site, www.microsoft.com/protect, to educate customers about setting up firewalls, regularly downloading software security fixes and using antivirus software.

Nachi may not be more widespread than Blaster, but it has a technically superior scanner for finding vulnerable machines to infect. As such, it's now generating more Internet traffic than Blaster - twice as much, Ellis said.

The worm hasn't, as of yet, caused any widespread failures that have affected the Internet as a whole, he said. But a lot of companies have been reporting problems inside their networks, and there have been "a couple of points where parts of the backbone had performance issues" in the last 24 hours, he said, especially Tuesday afternoon when Nachi's scanning rate jumped, a sign of a rising infection rate.

"Nachi is a long-term problem that has to be dealt with. These systems absolutely have to be patched," Ellis said.

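Separately, the IT systems of CSX Transportation, a subsidiary of CSX Corp., were infected by a computer virus, temporarily halting passenger and freight service. The virus caused the company's communications network to fail, disabling its dispatching and signaling systems. CSX said its main communications systems had returned to normal as of noon Eastern time Wednesday.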