World's worst computer virus infects 1 in 17 e-mails

Click to follow
The Independent Online

The worst e-mail virus ever hit computers around the world yesterday as American spammers succeeded at one stage in infecting one in every 17 messages on the internet.

The SoBig-F virus affects Windows PCs, making them covertly download a program that turns the machine into a "zombie", allowing spammers to take control of it.

Dozens of copies of the virus are then sent via e-mail to addresses culled from the infected PC's files. The number of e-mails generated suggests that millions of PCs have potentially been infected. Users are likely to face even more unsolicited spam in coming days.

Steve Linford, chief executive of the London-based anti-spam organisation Spamhaus, said: "It's the most destructive thing we've ever seen. It's causing havoc on the Net."

He said that the greatest threat from SoBig lies ahead, because the spammers who commissioned it use the "zombie" network created from infected machines to send out even more spam e-mails and even to attack organisations or networks.

"The problem is that the people who are being infected are home users or small offices with broadband connections, who are using Microsoft Windows, and because there's so many of them this [virus] has infected far more than any previous one."

He said that anyone taking control of the "zombie" network would be able to attack government or military computer networks, simply by telling them to try to connect to them.

"That would suck up all the bandwidth to them," he said. Mr Linford paid grudging respect to the author of the virus. "It's incredibly well-written," he said. "It's very very small but ... it can send dozens of messages. And it's going like wildfire."

Spamhaus believes that American spammers who want to send out more messages commissioned a programmer to write the virus, which has appeared in different variants since January 2003. The problem of the number of e-mails generated by SoBig-F was magnified by automated e-mail systems which sent out warnings every time they received a copy of the infected e-mail.

Because the virus fakes its source, each automated message was sent to an innocent user. "Those are really daft," said Graham Cluley, senior technology consultant at the antivirus company Sophos. "They're sending it to the wrong person, which causes them to think they're infected, and it generates more e-mail."

But he noted that the volume of infected e-mails was causing problems even for companies with safeguards in place.

"Even if you are stopping those e-mails at the gate, if you're receiving 2,000 copies of SoBig and one useful e-mail your system has to crunch through the 2,000 rubbish ones to find the single good one." SoBig-F has spread much faster than any other e-mail virus, including the "Love Bug" released by a programmer in the Philippines in April 2000.

"The past week and a half has been a worm war during which we've not got much sleep. I think this latest one should be called SoHumungous - the amount of e-mail traffic it's generated has been huge," said Mr Cluley.