[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Thursday, 21 August, 2003, 11:35 GMT 12:35 UK
Sobig is biggest virus of all
Screengrab of inbox full of Sobig F virus e-mails, BBC
Lots of people saw lots of e-mails like this in their inbox
The Sobig Windows virus that overwhelmed e-mail inboxes around the world is one of the fastest growing viruses ever.

E-mail filtering firm MessageLabs said it had intercepted more than a million copies of Sobig F in 24 hours, more than for any other virus.

Net service giant AOL said it had stopped more than 23.2 million copies of the virus since it first appeared on 18 August.

Security experts said the virus seemed to be created by spammers to recruit innocent machines to act as untraceable relays for their unwanted messages.

Big hitter

Hundreds of thousands of home users and businesses have been hit by the F version of the Sobig virus over the past couple of days.

Re: details
Re: approved
Re: my details
Re: Thankyou!
Re: That movie
Re: wicked screensaver
Re: your application
Your details
At one point every one in 17 e-mails intercepted by security firm MessageLabs was infected with the Sobig F virus.

"That's just a number we've never seen before," said Brian Czarny, a spokesman for MessageLabs.

The only other e-mail virus to get close to these figures was the LoveBug which peaked at 1 in 28 messages in 2000.

The virus is contracted by opening the attachment it carries that is labelled to make people think it is an innocent screensaver or configuration file.

The virus tries to fool people into opening it by regularly changing its subject line and the name of the attachment.

Anyone receiving lots of copies of the virus will see an in-box filled with messages bearing very similar subject lines.

But what may have helped Sobig F spread is the fact that it can be hard for people to be sure they are infected.

The virus carries its own e-mail sending program and does not use Outlook to despatch infected mail.

Only those monitoring their net connection will notice an increase in traffic but net browsing could slow down for anyone unknowingly sending out lots of infected e-mail messages.

The Sobig F virus caused problems even for those that avoided infection.

The malicious program generated so many e-mail messages that it overwhelmed the inboxes of many people.

Many anti-virus firms have made free removal tools available that help rid an infected machine of the pernicious program.

Home users can avoid infection by updating their anti-virus software and by being suspicious of unexpected e-mail messages they get from people they do not know well.

As well as plundering Microsoft Outlook address books for new victims, Sobig F also attempts to implant a background program that turns infected machines into a relay for any messages sent by the virus's creator.

Mikko Hypponen, manager of anti-virus firm F-Secure, said Sobig F had been written by a spammer looking for ways to get past spam filters.

He said: "For once, we have a clear motive for a virus - money."

Sobig F is not the first time that a spammer has tried to spread a message in this way.

In June this year the AVF virus was found which also tried to turn infected machines into proxies for unwanted commercial mail messages or spam.

Security staff at many companies have had a busy 10 days as three viruses have hit within days of each other. Sobig F was preceded by the MSBlast worm and another program called Welchi that tried to fix the vulnerability used by the worm.

The BBC's Sarah Morris
"One estimate says that one in 17 messages are now infected"


The BBC is not responsible for the content of external internet sites


News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific