SoBig Encore Not Likely, Say Experts
Anti-virus experts downplay recent claims that there is a second hidden cache of data in the worm's code that directs infected computers to contact a group of mail and name servers owned by an AOL Time Warner subsidiary.

Anti-virus experts are downplaying recent claims that there is a second hidden cache of data in the SoBig worm's code that directs infected computers to contact a group of seven mail and name servers owned by an AOL Time Warner Inc. subsidiary. Officials at BitDefender, a unit of Softwin SRL in Bucharest, Romania, said on Tuesday that they had found a second set of encrypted server addresses in the code of the eminently annoying SoBig.F worm. All of the server names appear to belong to Time Warner Telecom Inc.

"The code is quite straightforward and accurately indicates that the virus asks for information at this address, waits for the answer and then runs the downloaded file on the infected host," said Mihai Chiriac, a virus researcher at BitDefender. "As for the moment, there is no information at any of these addresses; we can't predict the code's effects."
BitDefender's claims come less than a week after a similar warning from several anti-virus companies touched off fears that the hundreds of thousands of SoBig-infected machines would all contact one of 20 PCs whose IP addresses were hidden in the worm's code. Once connected to one of those PCs, an infected machine would download an unknown file, and experts worried that the action could be the precursor to a large-scale secondary attack.
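The check an analyst would want to run on a sample that is said to carry a hidden server list is to pull the list out of the binary and block outbound traffic to it before the download-and-execute step can fire. The following is an added example, not code from the article, from BitDefender or from any other anti-virus vendor. It assumes the addresses are stored as a table of consecutive 4-byte packed IPv4 values (a common layout for such lists, and an assumption about the general technique, not a statement about how SoBig.F stored its 20 addresses); the sample blob, the documentation-range addresses embedded in it, and the function names are all constructed for the example.

```python
import ipaddress

# Ranges a hardcoded "phone-home" address will never fall in: 0/8, RFC 1918
# private space, loopback, link-local, and 224.0.0.0/3, which covers multicast
# and the reserved 240/4 block up to 255.255.255.255.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
)]


def plausible_c2_address(word: bytes) -> bool:
    """Cheap filter for a 4-byte candidate already in network byte order."""
    if len(word) != 4:
        return False
    # Four printable bytes are almost always ASCII text ("abcd" == 97.98.99.100),
    # so drop them. Caveat: this also hides the rare address whose four octets
    # all happen to be printable.
    if all(0x20 <= b < 0x7F for b in word):
        return False
    addr = ipaddress.IPv4Address(word)
    return not any(addr in net for net in NON_ROUTABLE)


def find_packed_ipv4_tables(blob: bytes, byteorder: str = "big",
                            min_run: int = 3, align: int = 4):
    """Return [(offset, [dotted addresses, ...]), ...], one entry per maximal run
    of at least `min_run` consecutive plausible packed IPv4 addresses starting at
    an `align`-byte boundary. byteorder="big" is network order; "little" handles
    tables stored as x86 DWORDs that the code byte-swaps before use."""
    tables = []
    offset = 0
    while offset + 4 <= len(blob):
        run = []
        pos = offset
        while pos + 4 <= len(blob):
            word = blob[pos:pos + 4]
            if byteorder == "little":
                word = word[::-1]
            if not plausible_c2_address(word):
                break
            run.append(str(ipaddress.IPv4Address(word)))
            pos += 4
        if len(run) >= min_run:
            tables.append((offset, run))
            offset = pos          # skip past the run so it is reported once
        else:
            offset += align
    return tables


def egress_block_rules(addresses):
    """iptables lines that log and then drop outbound traffic to each address.
    Narrow them with -p/--dport once the contacted port is known from the code."""
    rules = []
    for ip in addresses:
        rules.append(f"iptables -A OUTPUT -d {ip} -j LOG --log-prefix 'worm-c2 '")
        rules.append(f"iptables -A OUTPUT -d {ip} -j DROP")
    return rules


# Constructed sample (not a real malware sample): a stand-in executable image
# with an embedded table of five addresses from the RFC 5737 documentation
# ranges, surrounded by 0xFF / 0x00 filler and an ASCII string that a naive
# scanner would misread as four more addresses.
EMBEDDED_TABLE = ["192.0.2.10", "198.51.100.7", "203.0.113.99",
                  "192.0.2.250", "198.51.100.201"]
SAMPLE_BLOB = (
    b"MZ\x90\x00" + b"\xff" * 12
    + b"".join(ipaddress.IPv4Address(a).packed for a in EMBEDDED_TABLE)
    + b"abcdefghijklmnop"
    + b"\x00" * 8 + b"update.bin\x00" + b"\xff" * 4
)


if __name__ == "__main__":
    for order in ("big", "little"):
        for off, addrs in find_packed_ipv4_tables(SAMPLE_BLOB, byteorder=order):
            print(f"{order}-endian address table at offset 0x{off:x}: {addrs}")
            print("\n".join(egress_block_rules(addrs)))
```

On the constructed sample the big-endian scan recovers the five-entry table at offset 0x10 and nothing else, while the little-endian scan finds no run, because byte-swapping those particular addresses turns several of them into private or multicast values. Run both orders on a real sample and check the hit against the code that consumes the table; a run that is only plausible in one byte order is the usual tell.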