Possible Sobig Attack On September 11

The latest edition of Sobig may have a built-in September 10 expiration date, but that doesn't mean this virus family is going to go gently into that good grey cybernight. At least one antivirus software maker and service provider says yet another Sobig attack – this time aimed at "large Internet infrastructures" – is likely to launch September 11. 

"When particular conditions are met," said antivirus maker Central Command August 21, "Sobig.F will attempt to download additional components of the attackers choice. The pre-configured conditions include performing tests to determine if the current day is Friday or Sunday between the hours of 19:00 (7PM) and 22:00 (10PM) UTC time. When these conditions are met, the worm will attempt to retrieve further instructions that may include the downloading and execution a backdoor hacker program. Backdoors can allow someone with malicious intent to gain full control of the infected computer."

Vice president of products and services Steven Sundermeier said Sobig's authors have "a predictable pattern" of issuing new variants right after the incumbent Sobig expires. "If the past repeats itself," he said as Central Command issued its warning, "we could be looking at a newly constructed creation shortly after September 10th. A potential risk is that the massive army created by Worm/Sobig.F could be used to launch an all-out attack on large Internet infrastructures, for example, by means of a distributed denial of service attack."

On August 21, Sobig continued earning its reputation as likely the fastest- and broadest-spreading computer virus in the history of cyberspace. America Online reportedly scanned 40 million e-mail attachments the day before – four times its usual day-to-day volume – and caught over 23 million Sobig copies. Its trademark payload this time is the capacity to turn infected computers into a mass network of spam relay machines.