Go Back   nV News Forums > Software Forums > Microsoft Windows XP And Vista

Newegg Daily Deals

Thread Tools
Old 08-22-03, 10:21 AM   #1
muzz's Avatar
Join Date: Feb 2003
Posts: 816
Exclamation Looks like a killer worm to be released today.......

A buddy of mine posted this news alert on another forum, you may want to look at this.......

A Potentially Massive Internet Attack Starts Today; Sobig.F Downloads and Executes a Mysterious Program on Friday at 19:00 UTC

SAN JOSE, Calif.--(BUSINESS WIRE)--Aug. 22, 2003--F-Secure Corporation is warning about a new level of attack to be unleashed by the Sobig.F worm today.
Windows e-mail worm Sobig.F, which is currently the most widespread worm in the world, has created massive e-mail outages globally since it was found on Tuesday the 18th of August -- four days ago. The worm spreads itself via infected e-mail attachments in e-mails with a spoofed sender address. Total amount of infected e-mails seen in the Internet since this attack started is close to 100 million.

However, the Sobig.F worm has a surprise attack in its sleeve. All the infected computers are entering a second phase today, on Friday the 22nd of August, 2003. These computers are using atom clocks to synchronize the activation to start exactly at the same time around the world: at 19:00:00 UTC (12:00 in San Francisco, 20:00 in London, 05:00 on Saturday in Sydney).

On this moment, the worm starts to connect to machines found from an encrypted list hidden in the virus body. The list contains the address of 20 computers located in USA, Canada and South Korea.

"These 20 machines seem to be typical home PCs, connected to the Internet with always-on DSL connections," says Mikko Hypponen, Director of Anti-Virus Research at F-Secure. "Most likely the party behind Sobig.F has broken into these computers and they are now being misused to be part of this attack."

The worm connects to one of these 20 servers and authenticates itself with a secret 8-byte code. The servers respond with a web address. Infected machines download a program from this address -- and run it. At this moment it is completely unknown what this mystery program will do.

F-Secure has been able to break into this system and crack the encryption, but currently the web address sent by the servers doesn't go anywhere. "The developers of the virus know that we could download the program beforehand, analyse it and come up with countermeasures," says Hypponen. "So apparently their plan is to change the web address to point to the correct address or addresses just seconds before the deadline. By the time we get a copy of the file, the infected computers have already downloaded and run it."

Right now, nobody knows what this program does. It could do damage, like deleting files or unleash network attacks. Earlier versions of Sobig have executed similar but simpler routines. With Sobig.E, the worm downloaded a program which removed the virus itself (to hide its tracks), and then started to steal users network and web passwords. After this the worm installed a hidden email proxy, which has been used by various spammers to send their bulk commercial emails through these machines without the owners of the computers knowing anything about it. Sobig.F might do something similar -- but we won't know until 19:00 UTC today.

"As soon as we were able to crack the encryption used by the worm to hide the list of the 20 machines, we've been trying to close them down," explains Mikko Hypponen. F-Secure has been working with officials, authorities and various CERT organizations to disconnect these machines from the Internet. "Unfortunately, the writers of this virus have been waiting for this move too." These 20 machines are chosen from the networks of different operators, making it quite likely that there won't be enough time to take them all down by 19:00 UTC. Even if just one stays up, it will be enough for the worm.

The advanced techniques used by the worm make it quite obvious it's not written by a typical teenage virus writer. The fact that previous Sobig variants we're used by spammers on a large scale adds an element of financial gain. Who's behind all this? "Looks like organized crime to me," comments Mikko Hypponen.

F-Secure is monitoring the Sobig.F developments through the night on Friday the 22nd. Updates will be posted to Sobig.F's virus description at http://www.f-secure.com/v-descs/sobig_f.shtml

About F-Secure

F-Secure Corporation is the leading provider of centrally managed security solutions for the mobile enterprise. The company's award-winning products include antivirus, file encryption and network security solutions for major platforms from desktops to servers and from laptops to handhelds. Founded in 1988, F-Secure has been listed on the Helsinki Exchanges since November 1999. The company is headquartered in Helsinki, Finland, with the North American headquarters in San Jose, California, as well as offices in Germany, Sweden, Japan and the United Kingdom and regional offices in the USA. F-Secure is supported by a network of value added resellers and distributors in over 90 countries around the globe. Through licensing and distribution agreements, the company's security applications are available for the products of the leading handheld equipment manufacturers, such as Nokia and HP.

For more information, please contact:

Media contact in the USA:

F-Secure Inc.

Heather Deem,

675 N. First Street, 5th Floor

San Jose, CA 95112

Tel +1 408 350 2178

Fax +1 408 938 6701

Email Heather.Deem@F-Secure.com


F-Secure Corporation

Mikko Hypponen, Director, Anti-Virus Research

PL 24

FIN-00181 Helsinki

Tel +358 9 2520 5513

Fax. +358 9 2520 5001

Email Mikko.Hypponen@F-Secure.com
muzz is offline   Reply With Quote
Old 08-22-03, 05:47 PM   #2
netviper13's Avatar
Join Date: Jul 2002
Posts: 942

They managed to kill the computers supposed to be contacted before the worm was unleashed.
netviper13 is offline   Reply With Quote
Old 08-22-03, 06:29 PM   #3
digitalwanderer's Avatar
Join Date: Jul 2002
Location: Highland, IN USA
Posts: 4,944

Originally posted by netviper13
They managed to kill the computers supposed to be contacted before the worm was unleashed.
Woo-hoo! Hurray for the good-guy geeks!
[SIZE=1][I]"It was very important to us that NVIDIA did not know exactly where to aim. As a result they seem to have over-engineered in some aspects creating a power-hungry monster which is going to be very expensive for them to manufacture. We have a beautifully balanced piece of hardware that beats them on pure performance, cost, scalability, future mobile relevance, etc. That's all because they didn't know what to aim at."
-R.Huddy[/I] [/SIZE]
digitalwanderer is offline   Reply With Quote
Old 08-22-03, 09:13 PM   #4
muzz's Avatar
Join Date: Feb 2003
Posts: 816


Some folks really need to get a life.
muzz is offline   Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Dawn of a new wireless: first 802.11ac router available today News Archived News Items 0 05-14-12 08:00 AM

All times are GMT -5. The time now is 03:05 AM.

Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2015, Jelsoft Enterprises Ltd.
Copyright 1998 - 2014, nV News.