Worm and Cozy

By Chris Taylor Thursday, Jan. 08, 2004
    • If you logged on to the internet last week, chances are your PC played a part in the largest-ever attack of computer viruses. Two worms — nefarious programs that self-replicate — were tearing through home PCs and business networks like Chucky on too much Ritalin. When Welchia, the first worm, took flight, it grounded Air Canada's reservations system. But then the upstart, aptly known as Sobig, arrived, spreading virally through e-mail in boxes. By week's end, one in every 17 e-mails received worldwide was sent by Sobig. Some 30% of PCs in China were infected, according to Beijing Rising Technology Corp., an anti-virus software company, and Internet access slowed to a crawl.

    When Sobig attacked, no actual damage was done to the PCs themselves. The network suffered; your hard drive didn't. Sobig's designers, however, imbued it with the urge every species shares: to multiply. There are a number of mutations, each tweaked by a different hand. The winner of last week's evolutionary cyberlottery was Sobig.F, which grabs anything that looks like an e-mail address from your hard drive and secretly sends itself to all of them.

    The plot thickened last Friday, when the worm — running on a built-in timer — was due to instruct infected PCs to contact 20 other machines scattered worldwide, which may have been seeded with yet another insidious program. But 19 were taken offline before that could happen. Some investigators believe Sobig was a tool to supply professional e-mail spammers with potential new clients. There is another, more troubling option. "Sobig has the combined characters of a worm and a hacking," says Wang Jianfeng, a deputy manager at Beijing Rising Technology Corp. In other words, its creator wants to hijack your machine — whether you like it or not.