Valley companies, residents combat Sobig virus
Alle-Kiski Valley companies and personal computer users moved quickly this week to minimize the damage from an Internet worm that one anti-virus company is calling the fastest e-mail outbreak ever.
MessageLabs, a global e-mail security company that scans e-mail for viruses, said that within 24 hours, it had scanned more than 1 million copies of the "F" variant of the "Sobig" worm.
The previous record was "Klez," with about 250,000 copies spotted during its first 24 hours earlier this year, MessageLabs Chief Technology Officer Mark Sunner told the Associated Press.
Unlike classic viruses, a worm like Sobig doesn't latch onto a program or file to spread. Instead, it attempts to replicate itself by sending out infected e-mail.
Sobig doesn't physically damage computers, files or critical data, and it is expected to deactivate after Sept. 9.
The subject line of messages with the virus include "Re:Approved," "Re: Wicked screensaver," "Re:That movie," and the message reads "Please see attached file for details." If a recipient clicks on the attachment, the computer will be infected.
The worm will then send itself out names it finds within the computer's address book and can use those names to forge a return address.
Sobig began appearing Tuesday, just a week after a separate virus, "Blaster," wreaked havoc on computer systems around the world.
The virus was blamed for computer disruptions at businesses, colleges and other institutions across the Valley. Users complained of receiving notices about returned e-mail messages they never sent and other unwanted junk e-mail.
Area companies and organizations took rapid steps to protect their computer networks from this new threat.
Computer specialists at Allegheny Valley Hospital and Citizens Ambulatory Care Center had been working around-the-clock for two days as of Thursday afternoon to install patches that repair holes in virus protection software on 350 hospital computers, said Linda Fergus, manager of information services for the Alle-Kiski Medical Center.
Most of the repairs were behind-the-scenes, and use of the network wasn't disrupted for more than a few minutes at a time, Fergus said.
"It's been more of a headache for (Information Services) than anything," she said.
Jim Scanga, IT Services manager for Medrad, said a robust anti-virus system protected the medical device company in RIDC Park in O'Hara from the Sobig virus.
Scanga sent a message to all Medrad employees about the worm to address questions from users who still received the text portion of infected messages even though the virus itself had been trapped.
"Our systems are all protected," Scanga said. "Basically (Sobig) is just a nuisance."
Jo Artoyo, director of information technology for Spinnaker Networks, and Michael Bussler, chief executive officer of Algor Inc., both in RIDC Park, said their security systems were able to prevent virus outbreaks on their networks.
"As a result of the due diligence and quick action of our IT staff, we have not experienced any difficulties from any of this recent stuff," Bussler said.
Bussler said that his rigorous use of anti-virus software at home prevented him from feeling the effects of Sobig on his home computer.
"But I shudder to think what would happen if I didn't pay attention," Bussler said.
The customers of MicroConnect, a New Kensington-based Internet Service Provider, also were protected from the Sobig worm, said MicroConnect Web developer Gene Laratonda.
"But even through we're protected from it, other people on the Internet who weren't are still propagating e-mail to our customers," said Laratonda, who worked Thursday to remove a related virus from MicroConnect's system.
"The anti-virus companies can't write fixes fast enough for all of the variants of the viruses," he said. "So it's a cat-and-mouse game, and it's no fun."
Home users can protect themselves by using an Internet firewall, updating security software and by installing up-to-date anti-virus software, Laratonda said.
The Associated Press contributed to this report.
On the WebTo learn how to protect your Windows machine from Internet viruses, visit www.microsoft.com/security/protect .
Information about the Sobig virus can be found at www.symantec.com .