<snip>
YW, John, and we hear you.
Quiet? Dunno about that. We managed to avoid a close call today:
<paste>
August 22, 2003
Feared Attack From Computer Virus Fizzles
By THE ASSOCIATED PRESS
Filed at 7:04 p.m. ET
NEW YORK (AP) -- A feared Internet attack resulting from a fast-spreading
computer virus fizzled Friday, as security experts said they contained it by
identifying and blocking computers key to coordinating it.
Instructions written into the latest version of the ``Sobig'' virus, which
has caused enormous headaches since it began appearing Tuesday, called for
infected Windows machines to try to download a program that, until the
attack began at 3 p.m. EDT Friday, had an unknown function.
Experts feared the program could have deleted files, stolen passwords or
created rogue e-mail servers for spreading junk e-mail.
But when the appointed time came, all the virus did was visit a pornography
site, said Vincent Weafer, security director with Symantec Security
Response.
``There is nothing malicious, just a standard sex site,'' he said.
The FBI was investigating, spokesman Paul Bresson said.
The attack began with the virus attempting to reach one of 20 computers,
mostly in the United States and Canada, to obtain information key to
continuing. Infected computers were programmed to keep trying every Friday
and Sunday between 3 p.m. and 6 p.m. EDT.
Antivirus experts identified those computers and persuaded their Internet
service providers to shut access to some of them.
``There's a potential risk for Sunday, but I think it's really mitigated,''
said Chris Rouland, vice president for research and development at Internet
Security Systems Inc. ``All the network operators are aware they need to
block these (Internet addresses) now.''
Keynote Systems Inc., which measures Internet performance, said the Net's
main pipelines were holding up fine, but isolated congestion was possible
because of higher-than-normal Internet traffic.
Mikko Hypponen, manager of antivirus research with F-Secure Corp. in
Finland, said users should clean their computers using antivirus software --
antivirus companies have issued free tools to do so -- or turn off machines
if they cannot run the disinfecting software.
Users with firewall programs can also block UDP port 8998, which is the
Internet opening the virus uses to communicate with the outside world.
Experts say that doing so should have at most minor interference with other
Internet functions and that many service providers were already blocking the
port for their customers.
Already, Sobig has resulted in e-mail disruptions at several businesses,
universities and other institutions. Sobig did not physically damage
computers, files or critical data, but it tied up computer and networking
resources.
The New York Times asked employees at its headquarters to shut down their
computers for part of the afternoon Friday because of ``computing system
difficulties.'' Spokesman Toby Usnik declined to discuss whether a virus
might be to blame, but said the newspaper will publish a Saturday edition.
Users get the Sobig virus when they click on attachments to e-mail carrying
such subject lines as ``Details,'' ``Approved'' and ``Thank you!''
One e-mail company, MessageLabs Inc., has declared it the fastest e-mail
infection ever. Symantec reported the spread as ``steady'' Friday.
The Sobig outbreak came just one week after a virus known as ``LovSan'' and
``Blaster'' took advantage of a flaw in the Windows operating system to clog
computer networks around the world. The ``Blaster'' outbreak has started to
subside, experts said.
</paste>
