Experts Warn of Possible SoBig Attack
UPDATE:Anti-virus experts warn that PCs infected by the SoBig.F worm may on Friday become part of a massive Internet attack.Just when you thought it was safe to go back on the Internet, anti-virus experts are warning that PCs infected by the SoBig.F worm may on Friday become part of an as-yet unknown attack. Experts at both Sophos Inc. and F-Secure Corp. say that the worm is programmed to automatically connect to one of several machines controlled by the worms creator. Once the connection is established, the worm will download and execute an unknown piece of code. Its not known what the program is designed to do, but experts fear it may involve a massive distributed denial-of-service (DoS) attack or something similar. The downloads are set to commence at 3 p.m. EDT Friday and end three hours later.
Officials at Symantec Corp., in Cupertino, Calif., said that as of about 5:15 EDT Friday, 17 of the 20 servers that SoBig-infected PCs are programmed to contact are not responding. The remaining three machines are redirecting visitors to an adult Web site. Despite fears that the mass of infected PCs attempting to contact those servers would disrupt Internet traffic, measurements taken by Keynote Systems Inc., in San Mateo, Calif., show that so far there has been no effect on the overall performance of the global network.
188.8.131.52 Although the download times are coded into the worms instructions, its unclear whenor even ifany attack involving infected machines might begin. Theoretically, such an attack could begin any time after the program has been downloaded. Or, the attacker could wait weeks or months, biding his time until most people have fogotten about the worm. But, by then, the worm may be eradicated from many of the PCs that are infected right now. (Editors Note: This story has been modified since its original posting to include updates on the attack from Symantec and Keynote.)