
Valley companies, residents combat Sobig virus

Friday, Aug. 22, 2003

Alle-Kiski Valley companies and personal computer users moved quickly this week to minimize the damage from an Internet worm that one anti-virus company is calling the fastest e-mail outbreak ever.

MessageLabs, a global e-mail security company that scans e-mail for viruses, said that within 24 hours, it had scanned more than 1 million copies of the "F" variant of the "Sobig" worm.

The previous record was "Klez," with about 250,000 copies spotted during its first 24 hours earlier this year, MessageLabs Chief Technology Officer Mark Sunner told the Associated Press.

Unlike classic viruses, a worm like Sobig doesn't latch onto a program or file to spread. Instead, it attempts to replicate itself by sending out infected e-mail.

Sobig doesn't physically damage computers, files or critical data, and it is expected to deactivate after Sept. 9.

Subject lines of messages with the virus include "Re:Approved," "Re: Wicked screensaver," "Re:That movie," and the message reads "Please see attached file for details." If a recipient clicks on the attachment, the computer will be infected.

The worm will then send itself out to names it finds within the computer's address book and can use those names to forge a return address.

Sobig began appearing Tuesday, just a week after a separate virus, "Blaster," wreaked havoc on computer systems around the world.

The virus was blamed for computer disruptions at businesses, colleges and other institutions across the Valley. Users complained of receiving notices about returned e-mail messages they never sent and other unwanted junk e-mail.

Area companies and organizations took rapid steps to protect their computer networks from this new threat.

Computer specialists at Allegheny Valley Hospital and Citizens Ambulatory Care Center had been working around the clock for two days as of Thursday afternoon to install patches that repair holes in virus protection software on 350 hospital computers, said Linda Fergus, manager of information services for the Alle-Kiski Medical Center.

Most of the repairs were behind the scenes, and use of the network wasn't disrupted for more than a few minutes at a time, Fergus said.

"It's been more of a headache for (Information Services) than anything," she said.

Jim Scanga, IT Services manager for Medrad, said a robust anti-virus system protected the medical device company in RIDC Park in O'Hara from the Sobig virus.

Scanga sent a message to all Medrad employees about the worm to address questions from users who still received the text portion of infected messages even though the virus itself had been trapped.

"Our systems are all protected," Scanga said. "Basically (Sobig) is just a nuisance."

Jo Artoyo, director of information technology for Spinnaker Networks, and Michael Bussler, chief executive officer of Algor Inc., both in RIDC Park, said their security systems were able to prevent virus outbreaks on their networks.

"As a result of the due diligence and quick action of our IT staff, we have not experienced any difficulties from any of this recent stuff," Bussler said.

Bussler said that his rigorous use of anti-virus software at home prevented him from feeling the effects of Sobig on his home computer.

"But I shudder to think what would happen if I didn't pay attention," Bussler said.

The customers of MicroConnect, a New Kensington-based Internet Service Provider, also were protected from the Sobig worm, said MicroConnect Web developer Gene Laratonda.

"But even though we're protected from it, other people on the Internet who weren't are still propagating e-mail to our customers," said Laratonda, who worked Thursday to remove a related virus from MicroConnect's system.

"The anti-virus companies can't write fixes fast enough for all of the variants of the viruses," he said. "So it's a cat-and-mouse game, and it's no fun."

Home users can protect themselves by using an Internet firewall, updating security software and by installing up-to-date anti-virus software, Laratonda said.

The Associated Press contributed to this report.

Additional Information:

On the Web

To learn how to protect your Windows machine from Internet viruses, visit www.microsoft.com/security/protect.

Information about the Sobig virus can be found at www.symantec.com.
