Viruses & Malware

According to media reports, an accountant from Hoover, Alabama, has been acquitted of nine counts of tax evasion and filing fraudulent personal and business state income tax returns after a jury accepted his story of computer virus attack.

Prosecutors at Montgomery County Circuit Court had accused Eugene Pitts, a 44-year-old auditor, of under-reporting income between 1997 and 1999. His accounting firm, Pitts, Daniels & Co., grossed more than $1 million during those years, but the numbers on Pitts' tax returns for the period did not reflect this.

Sussex Police has been hit by a worm that has knocked out its office computers and forced workers to switch to back-up systems. Emergency calls are not being affected.

The organisation confirmed to ZDNet UK that it has been hit by the W32/Nachi worm, which is a variant of the MSBlast worm that started spreading around the globe early last week.

Romanian researchers claim to have discovered a variant of the Sobig.F virus that looks to mail and domain name servers at Time Warner Telecom for information about how to modify its behavior. The first Sobig.F virus contained an encrypted list of the IP addresses of 20 servers. At a predetermined time, the virus would contact each server in turn until one responded with the URL of a file, which the virus would then try to download and execute.

A new version of the Sobig.F e-mail virus that has plagued computers worldwide could arrive any day, even before the latest variant is timed to expire on September 10, security experts warned.

"Another virus could be released any time," said Steve Trilling, research director with the Security Response Team at Symantec Corp., a U.S.-based security company. "We can never be complacent when one threat seems to die down."

An Internet worm that turns computers into spam machines has infected 30% of all e-mail users in China, the country's top Web security firm said on Friday.

More than 20 million users opened and passed along the Sobig.F virus -- called the fastest spreading Web worm ever -- to domestic and regional networks, Hao Ting, spokesperson for Beijing Rising Technology Shareholding, told Reuters.

"We have not seen anything spread so fast," she said by telephone. "It could get worse because there is very limited awareness of viruses and preventive measures."

The FBI subpoenaed an Arizona Internet service provider to trace the culprit behind a fast-spreading e-mail virus that security experts said may have first been posted to an adult pictures Internet site.

One expert said the Sobig.F e-mail virus was disguised so that anyone who clicked on a link purporting to show a sexually graphic picture became infected with the self-replicating worm, which then spread itself to other e-mail addresses.

A computer virus that circulated across the Internet this week, hard on the heels of another nasty online infection, is the fastest e-mail outbreak ever, an anti-virus company said. MessageLabs, which scans e-mail for viruses, said that within 24 hours it had scanned more than one million copies of the "F'' variant of the "Sobig'' virus, which was blamed for computer disruptions at businesses, colleges and other institutions worldwide.

Central Command, a provider of of PC anti-virus software and services, today cautions Internet users of the next possible Sobig cyber attack on or about September 11th, 2003. Discovered on August 19, 2003, Worm/Sobig.F is estimated to have infected millions of systems worldwide and may draw on them to be part of a cyber army focusing a digital assault against major online services. When particular conditions are met, Worm/Sobig.F will attempt to download additional components of the attackers choice.

Symantec, the world leader in Internet security, today announced that it has upgraded the W32.Welchia.Worm from a level two to a level four threat. Symantec is receiving reports of severe disruptions on the internal networks of large enterprises caused by ICMP flooding related to the propagation of the W32.Welchia.worm. In some cases enterprise users have been unable to access critical network resources.

A computer virus was blamed for bringing down train signaling systems throughout the East on Wednesday.

The virus infected the computer system at CSX Corp.'s Jacksonville, Fla., headquarters, shutting down signaling, dispatching and other systems at about 1:15 a.m. EDT, CSX spokesman Adam Hollingsworth said.

"The cause was believed to be a worm virus similar to those that have infected the systems of other major companies and agencies in recent days," Hollingsworth said.