Feared Attack From SoBig Virus Fizzles | eWeek

Feared Attack From SoBig Virus Fizzles

Écrit par
Anick Jesdanun
Anick Jesdanun
Aug 22, 2003
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

NEW YORK (AP)—A feared Internet attack resulting from a fast-spreading computer virus fizzled Friday, as security experts said they contained it by identifying and blocking computers key to coordinating it.

Instructions written into the latest version of the “SoBig” virus, which has caused enormous headaches since it began appearing Tuesday, called for infected Windows machines to try to download a program that, until the attack began at 3 p.m. EDT Friday, had an unknown function.

Experts feared the program could have deleted files, stolen passwords or created rogue e-mail servers for spreading junk e-mail.

But when the appointed time came, all the virus did was visit a pornography site, said Vincent Weafer, security director with Symantec Security Response.

“There is nothing malicious, just a standard sex site,” he said.

The attack began with the virus attempting to reach one of at least 20 computers, mostly in the United States and Canada, to obtain information key to continuing. Infected computers were programmed to keep trying every Friday and Sunday between 3 p.m. and 6 p.m. EDT.

Antivirus experts identified those computers and persuaded their Internet service providers to shut access to some of them.

“Theres a potential risk for Sunday, but I think its really mitigated,” said Chris Rouland, vice president for research and development at Internet Security Systems Inc. “All the network operators are aware they need to block these (Internet addresses) now.”

The attempted attack also created higher-than-normal Internet traffic that was “measurable” but not enough to congest the Net, he said.

Mikko Hypponen, manager of antivirus research with F-Secure Corp. in Finland, said users should clean their computers using antivirus software—antivirus companies have issued free tools to do so—or turn off machines if they cannot run the disinfecting software.

Users with firewall programs can also block UDP port 8998, which is the Internet opening the virus uses to communicate with the outside world.

Already, SoBig has resulted in e-mail disruptions at several businesses, universities and other institutions. Sobig did not physically damage computers, files or critical data, but it tied up computer and networking resources.

The New York Times asked employees at its headquarters to shut down their computers Friday because of “computing system difficulties.” Spokesman Toby Usnik declined to discuss whether a virus might be to blame, but said the newspaper will publish a Saturday edition.

Users get the SoBig virus when they click on attachments to e-mail carrying such subject lines as “Details,” “Approved” and “Thank you!”

One e-mail company, MessageLabs Inc., has declared it the fastest e-mail infection ever. Symantec reported the spread as “steady” Friday.

The SoBig outbreak came just one week after a virus known as “LovSan” and “Blaster” took advantage of a flaw in the Windows operating system to clog computer networks around the world. The “Blaster” outbreak has started to subside, experts said.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.