The Final Edition of tonight's London "Evening Standard" newspaper has as
its front page lead the latest news about the spread of Sobig-F over the
past three days, and reports estimates from various experts that this is
almost certainly the biggest computer virus attack ever.

It seems that as soon as a PC is infected it sends out anything from
hundreds to multi-thousands of fake e-mails - several to each e-mail
address it finds on the infected system, ie. the whole of any address
books, plus every e-mail address on messages filed in "Mail received"
folders etc.  Also, as previously reported, the virus replaces the true
origin of the virus-carrying message with a genuine e-mail address from
the address book or messages received, so that millions of people who are
not infected are nevertheless shown up by anti-virus software as the
origin of the infected e-mail.

The report continues by saying that there is currently so much extra
Internet traffic because of these countless millions of virus-carrying
fake e-mails in many regions the whole Internet system is slowing down
markedly.

My own experience in the UK is that instead of almost instant
transmission and receipt, even very local messages are taking an average
of two to three hours to get through, and tonight (almost 10pm Thursday UK
time) I'm  still receiving e-mails sent from addresses just a couple of
miles away on Tuesday afternoon...

If - as some suspect - the object is to crash the whole of the Internet by
overloading and creating a grid meltdown - like last week's USA & Canada
power failure - then whoever started this one off looks to be well on the
way to achieving their aim.

In what is rapidly becoming a major international emergency the top
priority must be for everyone to check out their own machines for this
virus and clean it up to stop the transmission and retransmission of these
virus-carrying messages. Unlike some previous viruses of this type
Sobig-F doesn't seem to be content to send out a one-off mailing to all
known addresses.  I have been checking the genuine originating addresses
of many of these (by looking for the numerical IP. address buried in the
"Full header") and I know that several individual infected machines in
various parts of the US, and in Holland, Germany and Scandinavia have each
sent anything up to a dozen fake e-mails to my address so far.)


Patrick Boylan

=========================================================
Important Subscriber Information:

The Museum-L FAQ file is located at http://www.finalchapter.com/museum-l-faq/ . You may obtain detailed information about the listserv commands by sending a one line e-mail message to [log in to unmask] . The body of the message should read "help" (without the quotes).

If you decide to leave Museum-L, please send a one line e-mail message to [log in to unmask] . The body of the message should read "Signoff Museum-L" (without the quotes).