Education can help to make the Web safer, but the day may be coming when ISPs simply deny surfing rights to inadequately protected customers
Hollywood could not have made up a more menacing sequel. Let’s call it Blaster Worm II: Attack of SoBig. Hot on the heels of the Blaster Worm scare, another nasty virus spread across the Internet in late August, taking over the mail programs of vulnerable machines running Microsoft operating systems and then replicating itself from computer to computer via bogus e-mails. The sixth and worst variation, SoBig.f, hit on Aug. 19.
In the end, the Feds and good geeks worldwide saved the day, unraveling the secret code for the SoBig worm just in time to prevent mass calamity. On Aug. 21 a team of Finnish antivirus experts discovered encrypted code that held the identity of 20 sleeper computers connected to broadband links. The SoBig author had included commands that would direct the untold thousands of infected computers to call in to those sleeper machines and download a mysterious Web link on Friday, Aug. 22, at 3 p.m. EST. The link could have contained code to launch a new and more serious attack, the experts feared. In fact, it seems it only redirected machines to a porn site, but the idea of huge numbers of infected computers coming under outside control simultaneously has a distinctly ominous edge.
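The pattern the Finnish researchers worried about, a large number of infected machines all calling in to a short list of addresses at one scheduled moment, is something a network defender can look for in ordinary outbound-connection logs. The following is an added example, not code from the article or from any antivirus vendor it mentions: it scans constructed log lines (placeholder documentation-range IP addresses and a made-up port, not real SoBig indicators) and flags any external destination that several distinct internal hosts contacted within a narrow time window, which is the signature of a synchronized callback rather than normal browsing.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of outbound-connection log lines (not real traffic).
# Format assumed for this example: "<ISO timestamp> <src_ip> <dst_ip>:<dst_port>"
# The first seven lines mimic a scheduled mass callback around 3 p.m.;
# the last three are ordinary web traffic spread across the day.
SAMPLE_LOG = """\
2003-08-22T14:58:12 10.0.0.11 203.0.113.5:8080
2003-08-22T14:59:40 10.0.0.23 203.0.113.5:8080
2003-08-22T15:00:03 10.0.0.42 203.0.113.5:8080
2003-08-22T15:00:05 10.0.0.57 203.0.113.5:8080
2003-08-22T15:00:30 10.0.0.11 198.51.100.7:8080
2003-08-22T15:00:31 10.0.0.23 198.51.100.7:8080
2003-08-22T15:00:33 10.0.0.42 198.51.100.7:8080
2003-08-22T09:10:00 10.0.0.11 192.0.2.80:80
2003-08-22T11:45:00 10.0.0.23 192.0.2.80:80
2003-08-22T16:20:00 10.0.0.42 192.0.2.80:80
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, src, dst) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        events.append((datetime.fromisoformat(ts), src, dst))
    return events


def find_synchronized_callbacks(events, window=timedelta(minutes=5), min_hosts=3):
    """Return {dst: (distinct_source_count, window_start)} for every destination
    that at least `min_hosts` distinct internal sources contacted inside `window`.

    For each destination the connections are sorted by time and every event is
    tried as the start of a window; the window with the most distinct sources
    wins. Destinations whose connections are spread out over the day (normal
    browsing) never accumulate enough distinct sources in one window.
    """
    by_dst = defaultdict(list)
    for ts, src, dst in events:
        by_dst[dst].append((ts, src))

    hits = {}
    for dst, conns in by_dst.items():
        conns.sort()
        best = None
        for i, (start, _) in enumerate(conns):
            sources = {s for t, s in conns[i:] if t - start <= window}
            if len(sources) >= min_hosts and (best is None or len(sources) > best[0]):
                best = (len(sources), start)
        if best is not None:
            hits[dst] = best
    return hits


if __name__ == "__main__":
    for dst, (count, start) in find_synchronized_callbacks(parse_log(SAMPLE_LOG)).items():
        print(f"{count} hosts contacted {dst} within 5 minutes starting {start.isoformat()}")
```

Tuning matters: the window and host threshold that separate a callback from a popular web site depend on the size of the network, and a real deployment would also whitelist known update and mail servers before alerting. The value of the approach is that it needs no prior knowledge of the callback addresses, so it still works when the list is hidden inside encrypted code as it was here.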
U.S. law enforcement may also be on the trail of the worm author. The FBI has served a subpoena to a Phoenix, Ariz., Internet service provider for tracking information. And a massive digital posse continues to search for clues on the Net that might reveal the origins of SoBig.
“POLLUTED PROTOCOL.” While a major crisis was averted, the SoBig virus still managed to infect half a million computers worldwide, crashing mail servers and sending hundreds of millions of bogus messages using a technology called multithreading that allows programs to send multiple messages simultaneously. The back-to-back chaos from Blaster and SoBig caused delays in Amtrak trains, closed banks in Norway, and interrupted Internet service at department stores in Singapore. Departments at several state governments shut down to deal with infected machines, and Air Canada’s check-in systems checked out under the weight of the attack.
The worms also hit university networks, where thousands of users log in from often unprotected home PCs. The timing, as tech staffs were ramping up for the back-to-school rush, could not have been worse. “It has been a nightmare. We’ve got 2,000 systems here and we are barely keeping our heads above water,” says William Richter, a technology specialist at Edinboro University, a state school in Western Pennsylvania.
Damage estimates range from $500 million to more than $1 billion in lost productivity, hours wasted, and lost sales. Clearly, in terms of cyber-misery, the past two weeks have set a new high-water mark. “There’s an incredible amount of [virus] activity, and collectively, it’s becoming very annoying,” says Dave McCurdy, CEO of the Internet Security Alliance (ISA), a nonprofit advocacy and education group based in Arlington, Va. Chris Belthoff, a senior security analyst at antivirus software maker Sophos, worries about the eventual impact: He thinks such worm attacks are turning e-mail into “such a polluted protocol that it’s quickly becoming unusable from a business perspective.”
VIRUS MUTATION. That might be a bit of an overstatement. But even Sophos’ mail servers — patched, updated, and armored against the SoBig attack — slowed under the bombardment of e-mail traffic unleashed by the SoBig worm. Technically, Apple (AAPL) machines weren’t supposed to be vulnerable to the Microsoft-targeted virus. Yet, Apple users with the misfortune of having their e-mail address stored in a machine infected by SoBig also had to spend a good deal of time erasing bogus e-mails. In fact, increasingly, anyone who surfs the Net will find they have been either directly or indirectly affected by the rising tide of malicious software floating on the Web.
This latest generation of worms has led to speculation that spammers and virus writers have formed a sinister alliance that could turn infected machines into hard-to-track, and hard-to-stop, spam-delivery mechanisms.
