August woke people to some new antics from virus writers. As the Blaster and SoBig worms spread to millions of PCs, concerns were raised—particularly by SoBig—about follow-on attacks that would coincide with September 11. Some analysts are worried that new strains of SoBig or features of the original variants could be slated to strike this week. This is a good time to take precautions.
On August 21, security firm Central Command issued an advisory cautioning Internet users that the next possible SoBig cyberattack might occur on or about September 11. The SoBig worm appeared in several guises when it struck in late August. The SoBig.F variant infected millions of PCs and raised concerns that it might be constructed to install a back door on infected PCs, intending to use those systems as part of a large-scale cyberattack. A SoBig.E derivation, which hid inside zipped file attachments, also hit.
The Central Command advisory included the following: “The virus author(s) of Sobig have developed a predictable pattern of releasing new variants soon after the current version de-activates itself, said Steven Sundermeier, VP of products and services at Central Command. If the past repeats itself we could be looking at a newly constructed creation shortly after September 10th. A potential risk is that the massive army created by Worm/Sobig.F could be used to launch an all out attack on large Internet infrastructures, for example, by means of a Distributed Denial of Service attack (DDoS).”
Virus experts found the architecture of SoBig unusual. For example, it was highly efficient at grabbing e-mail addresses to use in spreading itself, searching a number of possible sources. And because virus writers can't predict the success their efforts will have, they'll copy and refine those viruses that do spread; thus SoBig appeared in a surprising number of flavors.
To help you protect your systems against worms and viruses, PC Magazine created a list of steps you should take. This week may be a very good time to revisit those steps.