February 11, 2009 8:32 PM
New Worms On Cyber-Prowl
(CBS/AP)
Two more computer worms - Nachi/Welchia and Sobig.F - have joined LovSan/MBlaster in the pack of cyber-prowlers looking to puncture privacy and take control of your computer.
The worm known as both Nachi and Welchia wreaked havoc Tuesday with Air Canada's airline reservation systems, creating long lines at the Vancouver airport as weary travelers were forced to check in manually.
Nachi/Welchia also popped up in various nooks and crannies in the United States, including Kentucky, where it interfered with state government computers which handle motor vehicle registration, Medicaid, food stamps, and child support.
Nachi/Welchia targets the same Windows computer users as does LovSan/MBlaster. But this worm has a peculiar Internet avenger-type behavior: it seeks to take control of your computer, delete LovSan/MBlaster if it is present, install the Microsoft patch to protect against LovSan/MBlaster, and then reboot your computer (which is part of the patch installation process).
"This new worm doesn't destroy the PC or do anything real harmful, but it starts sending out scans across the network," says Rodney Murphy, of the Kentucky Governor's Office for Technology, adding that the scans clog phone lines and can cause serious delays. "It can degrade the speed of a workstation to the point of being no different than shutting a PC down."
Kentucky expects its state computers - of which hundreds, if not thousands, were affected - to be running a little better by mid-day Thursday.
Irritating a far greater number of computer users is the Sobig.F worm, which popped up Tuesday morning and spread quickly worldwide.
Sobig.F attacks Windows users via e-mail and file-sharing networks. It also deposits a Trojan horse, or hacker back door, that can be used to turn victims' PCs into senders of spam e-mail.
MessageLabs Inc., a company that filters e-mail for corporations, had blocked more than 100,000 copies of Sobig.F by midday Tuesday, making it by far the most active virus of the day.
"It's definitely spreading very quickly, just an incredible ramp-up so far this morning," said Brian Czarny, marketing director at MessageLabs. The variant is likely to be one of the more successful versions of a very successful virus strain, he said.
The previous Sobig.A and Sobig.B variants are both on MessageLabs' list of the biggest 10 e-mail viruses of all time.
How can you tell if Sobig.F has come to call on you?
Subject lines for Sobig.F include: "Re:Details," "Re: Approved," "Re: Re: My details," "Re: Thank you!", "Re: That movie," "Re: Wicked screensaver," "Re: Your application," "Thank you!", and "Your details."
The message is likely to say: "See the attached file for details" or "Please see the attached file for details."
Attached files are likely to be: "your_document.pif," "document_all.pif," "thank_you.pif," "your_details.pif," "details.pif," "document_9446.pif," "application.pif," "wicked_scr.scr," or "movie0045.pif."
As is the case with many computer viruses, the trouble is unleashed if a recipient clicks on the attached file, at which point the computer will become infected.
Sobig.F sends itself out to names found in its victim's address books and will use one of these names to forge a return address. As such, the infected party may not quickly learn of the infection, while an innocent party may get the blame for helping to propagate it.
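As an added illustration (not part of the original report), the subject lines, message text and attachment names listed above can be turned into a simple mail-gateway check. The function names, verdict labels and sample messages are constructed for this example; it goes slightly beyond the list by treating any .pif or .scr attachment as suspicious, and it ignores the From header because the worm forges it.

```python
import email
from email import policy
from email.message import EmailMessage

def norm(s):
    """Lowercase and drop all whitespace so "Re:Details" equals "Re: Details"."""
    return "".join(s.lower().split())

# Indicators quoted in the article.
SUBJECTS = {norm(s) for s in (
    "Re:Details", "Re: Approved", "Re: Re: My details", "Re: Thank you!",
    "Re: That movie", "Re: Wicked screensaver", "Re: Your application",
    "Thank you!", "Your details")}
ATTACHMENTS = {
    "your_document.pif", "document_all.pif", "thank_you.pif",
    "your_details.pif", "details.pif", "document_9446.pif",
    "application.pif", "wicked_scr.scr", "movie0045.pif"}
BODY_PHRASE = "see the attached file for details"  # also matches "Please see ..."

def indicators(raw):
    """Return the set of indicator types found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = set()
    if norm(msg["Subject"] or "") in SUBJECTS:
        hits.add("subject")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    if BODY_PHRASE in " ".join(text.lower().split()):
        hits.add("body")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name in ATTACHMENTS:
            hits.add("attachment-name")
        elif name.endswith((".pif", ".scr")):  # generalization beyond the list
            hits.add("attachment-ext")
    return hits

def verdict(raw):
    """From is never consulted: the article notes the return address is forged."""
    hits = indicators(raw)
    if "attachment-name" in hits or ("attachment-ext" in hits and hits & {"subject", "body"}):
        return "quarantine"
    return "review" if hits else "deliver"

def build(subject, body, attachment=None):
    """Construct a sample message (placeholder attachment bytes, not malware)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "alice@example.com", "bob@example.com", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()
```

A message that matches only a subject line or only an executable extension is sent to review rather than quarantined, since either can occur in legitimate mail.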
Symantec - maker of Norton Anti-Virus - has upgraded the threat of Sobig.F from a Category 3 to a Category 2, based on the number of submissions of the virus it has received from its customers.
Symantec also has, on its web site, a removal tool developed especially to target Sobig.F.
Like all the other Sobig viruses, this version is programmed to self-destruct after two weeks, in this case on Sept. 10.
And don't forget LovSan/MBlaster. That worm is still at large and if you're a Windows user who hasn't downloaded the Microsoft patch to protect against it, your computer is vulnerable to attack.
LovSan/MBlaster uses a published flaw in Microsoft's Windows operating systems to spread via network connections, without using e-mail. It slowed down the Internet and caused computer restarts worldwide, but the attack it was programmed to carry out against a Microsoft Web site last Saturday proved harmless.
Vincent Weafer, senior director of Symantec Security Response, says Nachi/Welchia is making it harder for many network administrators to clean up after LovSan/MBlaster.
"The worm (Nachi/Welchia) is swamping network systems with traffic and causing denial of service to critical servers," he explains.
LovSan/MBlaster is also affecting some computers in Ontario's emergency response system - networks involved in responding to the aftermath of last week's monster blackout.
It's "making our job more difficult," acknowledged Dr. James Young, Ontario commissioner of public safety.