The worm, a malignant computer virus, has infected thousands of computers at the University of Wisconsin.
UW reported serious problems after the worm, known as Sobig.F or Sobig, crept past the campus’s virus-detection system and infected more than 2,000 computers, generating millions of system-slowing messages.
“It filled all our e-mails with a lot of junk mail,” UW Division of Information Technology chief information officer Annie Stunden said. “It slowed our ability to work on our computer systems.”
E-mail traffic on the 60,000 computers on campus totals 1 million messages on an average day. The worm, however, caused a surge of more than 10 million. DoIT responded quickly and updated its filtering software, and within 20 minutes was able to contain the worm. By Aug. 20, after 24 hours, only 20 computers were still infected with the virus.
“One of our concerns now is when students come back to make sure they get anti-virus software,” Stunden said. “We want to make sure computers are protected.”
Sobig affects vulnerable PCs running the Microsoft Windows operating system. It moves through computer networks via e-mail messages. Once a computer has been infected, the worm takes over the user’s e-mail account and sends out infected mass mailings without the user’s knowledge, creating the potential for exponential spread over the Internet.
Because it works from a user’s computerized address list, the “From” line on the e-mail is faked and appears as if the e-mail were sent from someone the recipient knows. It can be identified by at least nine possible subject headings, including “Re: Details,” “Thank You!” and “Wicked Screensaver.”
MessageLabs Inc., a New York-based e-mail security and filtering company, labeled Sobig as the fastest-growing virus ever. The second day of the virus’s life, Aug. 19, “marked an unprecedented new level in virus propagation and demonstrated the growing ability of virus writers to disrupt business around the globe,” MessageLabs Chief Technology Officer Mark Sunner said in a statement.
This is the sixth variation of the Sobig virus, which first appeared in January 2003. The virus does not appear to be destroying any data or causing other lasting harm to machines and computer networks. However, the resulting hassle adds to its severity.
The most recent strain of the worm blasted corporate and government e-mail networks during the first week. CSX Transportation stopped its passenger and freight trains, including morning commuter service in the metropolitan Washington, D.C., area, after the virus overwhelmed its telecommunications network.
Sobig.F was designed to be difficult for anti-virus software to detect. It is also among a new class of viruses that seem to spread more rapidly than older versions. However, the worm’s creators set Sept. 10 as the expiration date for the virus, which will effectively stop this variant from spreading after that date.
For more information about how to protect UW computers from the worm, see www.doit.wisc.edu.