'Sobig' computer worm lives up to name

By Clay Wilson

Local residents are not immune from the arms race in cyberspace.

As the "Sobig.F" worm clogs e-mail boxes around the world, virus protection programs on local computers are working overtime to fend off the threat.

"It's huge," said Jonesboro resident Harold Williams, a broadband and wireless network support technician at Earthlink in Atlanta. "About every other call I take (is about the virus)."

According to news reports, Sobig.F was declared the fastest-spreading e-mail disruption of all time. A Dow Jones Newswires report said one Internet security company reported that it had intercepted more than a million of the worms on Wednesday, the most ever in a single day.

Sobig is a "high risk mass mailing worm," a variant of a worm that has been around since January, according to Internet security firm McAfee. Once it infects a computer, it e-mails itself with its own mail engine to addresses "harvested" from the host computer's directory.

Williams said Sobig's aggressiveness in e-mailing itself out is what has made it spread faster than previous worms or viruses such as "Klez."

"... It's really trashing our servers because it sends out hundreds of e-mails at the same time," he said.

Often when it mails itself, Sobig.F appropriates an e-mail address from the infected computer's directory for its own address line, making it difficult to determine where the worm's e-mails are originating. According to McAfee, this also means that unsuspecting victims can get infected messages from addresses they trust.

Henry County government's network has fallen victim to this aspect of the worm. Larry Hutson, the county's information systems manager, said the county has received calls from people accusing its system of sending out infected e-mails.

However, Hutson said, when county analysts checked the system, they discovered that no such e-mails had been sent.

Fortunately for the county, it has recently switched its 23-server, nearly 600-computer system to an outside security firm. For a while, the county was screening all its mail through a protected server within the system. But, Hutson said, "It got too much for us to handle ... We had so many things going around the firewall."

Hutson said that the security firm the county's Internet service provider uses, Internet Security Systems, was the first company to post information on Sobig.F on the 'Net.

"We were way ahead of the game on that, so we were protected," he said.

He said the few copies of the worm that have slipped through the security firm's barriers have been zapped by the county's internal virus protection system.

But according to the Associated Press, Sobig.F is a bigger threat to personal computers than to large systems. In apparent keeping with that assessment, Henry County computer technician Carl Swensson said his phone has been busy over the past few days.

"I get quite a few requests on that," said the owner of CAS Computers Inc. in Stockbridge. "People get eaten up with that and then they call me."

Although Sobig can be malicious, depositing "Trojan Horses" that allow hackers access to infected computers, Swensson said he has not encountered people whose computers have been "dramatically affected" by the worm.

"I've had a lot of people who call me up and say, 'What is this, and why does it keep coming through time and time again?'" he said.

Both Swensson and Williams said that the only relatively sure way to protect one's computer from Sobig.F is to install updated virus protection software.

According to Swensson, it is crucial to catch and disable Sobig to keep it from spreading further.

"It just goes constantly until you stop it," he said.