
Viruses & Malware

Sobig-F is fastest growing virus ever - official

posted on August 21, 2003
by hitbsecnews

Sobig-F has taken the record as the world's most rapidly spreading virus to date, according to managed services firm MessageLabs, which stopped more than one million copies of the email-borne nuisance since its first appearance earlier this week.

Sobig.F has surpassed the infamous LoveBug, Klez and Kournikova viruses.

Sobig-F, first detected on 18 August, is the sixth variant issued in the Sobig series and appears to be the most sophisticated to date, according to MessageLabs. All initial copies originated from the US, where the virus is currently most prevalent.

Slammer worm crashed Ohio nuke plant network

posted on August 20, 2003
by hitbsecnews

The Slammer worm penetrated a private computer network at Ohio's Davis-Besse nuclear power plant in January and disabled a safety monitoring system for nearly five hours, despite a belief by plant personnel that the network was protected by a firewall, SecurityFocus has learned.

Computer virus hinders Air Canada operations

posted on August 20, 2003
by hitbsecnews

A computer virus designed to inoculate against another infection brought down some computer networks Tuesday, forcing Air Canada to check in passengers manually at airports across the country. Long lines formed at counters at Vancouver International Airport as the virus slowed Air Canada's computer system, spokeswoman Laura Cooke said. The virus, of the self-spreading kind known as a "worm," affected the airline's call center in Toronto and check-in systems across the country, she said.

Worst Fears II / Workings of a Worm

posted on August 19, 2003
by hitbsecnews

A lot has been said about cyber terrorism. I recently attended a talk by Ira Winkler on the subject. Ira basically said that cyber terrorism is not genuinely feasible. I tend to disagree; I think that targeted cyber terrorism is hard to effectively achieve - for instance taking down the power grid of a specific country. This in itself is a complex argument, and it is not within the scope of the paper to consider it here. Instead let us consider something that I believe is a real and present threat.

New strain of Sobig virus circulating

posted on August 19, 2003
by hitbsecnews

Antivirus companies warned Tuesday that a new version of the Sobig virus is rapidly spreading on the Internet, the latest in a string of Sobig computer worms to be released. The new worm, W32.Sobig.F, first appeared on Tuesday, prompting antivirus software companies to release updated virus identity files to detect and stop the new threat.

F-Secure Corp. of Helsinki rated Sobig.F a "Level 2 Alert," indicating a large number of infections. Sophos said that it had received "many reports" of the latest Sobig worm from customers.

'Good' Worm Fixes Infected Computers

posted on August 19, 2003
by hitbsecnews

A new Internet worm emerged today that is designed to seek out and fix any computer that remains vulnerable to "Blaster," the worm that attacked more than 500,000 computers worldwide last week.

The Bright Side of Blaster

posted on August 17, 2003
by hitbsecnews

The Blaster worm has infected hundreds of thousands of Windows machines, shut down the Maryland state DMV, put network administrators on overtime, crashed countless consumers' home computers, and on Saturday it will attempt a denial-of-service attack on Microsoft's Windows Update site. But that doesn't make it all bad.

Squashing the next worm

posted on August 15, 2003
by hitbsecnews

Another virus, another epidemic.
Two years after the Code Red and Nimda worms spread across the Internet, home users and many companies still aren't doing enough to secure themselves against Internet threats, said security experts.

Blaster threat extends to Cisco kit

posted on August 14, 2003
by hitbsecnews

The Blaster worm, which has caused untold misery for Windows PC users this week, is also capable of affecting the operation of networking equipment.

As was the case with the Code Red worm, Cisco products that ship with Microsoft technology need protection against the Blaster worm. In the case of the latest Microsoft-targeted malware, however, vulnerable products are probably less exposed because of differences in the ways the two worms spread. With Code Red there was a definite denial-of-service risk; this time it's easier to tuck products behind a firewall and minimise the risk.

DCOM RPC Worm out on the net

posted on August 12, 2003
by hitbsecnews

l33tdawg: Word to spasmgut for the link to the story.

A worm started spreading in the early afternoon EDT (evening UTC) and is expected to continue spreading rapidly. This worm exploits the Microsoft Windows DCOM RPC vulnerability announced July 16, 2003.

Names and Aliases: W32.Blaster.Worm (Symantec), W32/Lovsan.worm (McAfee), WORM_MSBLAST.A (Trend Micro), Win32.Posa.Worm (CA), Lovsan (F-Secure), MSBLASTER, Win32.Poza.

Infection sequence: