23
Mon, Dec
3 New Articles

Sobig.F Strikes Deep--Into Our Pockets!

Commentary
Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

The FBI, working with the Department of Homeland Security, says it's hot on the trail of the individual or individuals who released the W32.Sobig.F worm on August 19, 2003. According to their investigation, Sobig.F was introduced onto a pornographic newsgroup in Arizona over the previous weekend. The identity of the perpetrator was hidden by a bogus email account that was purchased with a stolen credit card.

What's It Really All About?

Meanwhile, speculation about the purpose of Sobig.F now leans away from terrorist activities and toward a money-making scheme. Investigators who have examined the code have concluded that Sobig.F was designed specifically to identify and infect vulnerable computers so that these same machines could later be used as proxies to proliferate spam. The authors of Sobig.F could then broadcast junk email messages at will, allowing them to sell their service to the underground network of spamming advertisers. The FBI, in examining the code, has concluded that this was not a "low-budget" worm, but a concerted, well-funded effort to bring the latest technology to the construction of an Internet-aware virus. The design of this distribution network was quite ingenious.

How It Was Supposed to Work

According to a Finland-based virus research team at F-Secure, 20 IP addresses linked to home computers in the United States, Canada, and South Korea and were destined to become the innocent and unwitting servers of the next set of instructions to all infected Sobig.F client machines. Though the Sobig.F client machines were set to continue proliferating the Trojan Horse email attachments until September 11, these particular servers were programmed to begin their transmission of new instructions on August 22nd, 2003 at 3:00 p.m. Authorities in these countries were quickly notified, and they raced to locate and disable these servers' proxies before they could be activated.

Meanwhile, at this writing, email security experts are witnessing a decline in the transmission of the bug. At the height of its infectious cycle, AOL estimated that it alone had found 23 million file attachments containing Sobig.F, while worldwide an estimated 1 in every 17 emails contained the Trojan Horse attachments. Today, the ratio is down to 1 in 50.

But security experts and email administrators are bracing for yet another round of Sobig-related spamming attacks. Their logic is simple: Sobig.A was introduced at the beginning of this year, soon followed by Sobig.B, C, D, and E. According to these experts, we can expect another round of attacks soon.

Microsoft in the Trenches

In response to a flood of more than 40,000 support calls about its Windows operating system, Microsoft reported that it pulled out all the stops and even enlisted executives to man the phones. Bill Gates was reported to be personally very concerned about the recent outbreaks, questioning support personnel about their strategies.

Executives within Microsoft must feel particularly chagrined: Microsoft has a $30 million contract with the Department of Homeland Security. Now, this same federal agency is helping FBI and local officials ferret out the perpetrators of these malicious pathogens.

The previous week, the Blaster.D virus made a mockery of Microsoft's touted Trustworthy Computing Initiative by invading Windows 2003 servers and shutting down businesses, including Air Canada. Subsequently, a second worm called W32.Welchia.Worm--written by a different author--invaded the same machines in an attempt to patch the damage accomplished by Blaster.D.

No sooner had these latest onslaughts subsided than Sobig.F sent Microsoft scrambling once again. All of these worms and viruses had specifically targeted the Windows operating system platforms. Linux, UNIX, and OS/400 servers were not affected. These events conspired to prove the continued vulnerability of Microsoft's Trustworthy Initiative, a real-world test that was catastrophic to administrators and users alike.

More Than a Perception of Vulnerability

Asked if the perception and the reality of Microsoft's security failures is threatening the Microsoft business, Jim Allchin, a vice president of Microsoft's platforms group, said "Yes. . . . I think it threatens business for everyone. It's not a Microsoft statement. I think that customers are afraid that their business is going to be jeopardized by the IT infrastructure, because they're so dependent on computers. That's a huge problem for the entire industry, and it's a huge problem for us. And I take it very, very seriously."

Yet, though Microsoft has already taken substantial steps in improving both the code within Windows and the delivery of patches to existing platforms, according to Allchin, Microsoft is having difficulty communicating these changes and notifying customers of problems. For instance, "...the Internet Connection Firewall is in Windows XP. It's been in there all along.... Why is it that people haven't turned it on? Well, we didn't communicate it well enough, I guess, because it does protect."

Why Isn't Microsoft Responding More Forcefully?

Asked if he believed that anti-virus protection should be included in Windows operating system packages, Allchin was evasive about Microsoft's future strategy "Some people might say, 'Antivirus, it's obvious you should include it.' Others would say, 'No, that's a business.' Others would say, 'Antivirus is the wrong solution, period. You've got to do an intrusion-detection/prevention system. That's really the answer.' 'Oh, should that be built in?' 'Oh, no.' 'Well, maybe you could charge extra for the enterprise version.' So, different people could have different views."

Asked specifically if Microsoft would release something soon to help remedy the problems of security, Allchin responded, "I don't know."

The Business of Security

Regardless of Microsoft's plans, one statement rings true: The computer security industry is business! Big business! According to Gartner Group, the market for computer-related security is now at $3.8 billion a year and is growing quickly. The fastest-growing sector of that business is in providing security against network-related pathogens like Blaster.D and Sobig.F, viruses that are specific to Microsoft products. Perhaps this is why cash-rich Microsoft continues to purchase new security technologies, possibly aiming them for release in the next version of Windows scheduled for 2005-2006.

Irony of the Virus Analog

Now, consider an irony of circumstance: Computer-related anti-virus efforts--and the costs of repairing the damages inflicted upon users--this year alone will dwarf some nations' entire budgets for research on the human-related HIV virus.

In this country, the National Institute of Health (NIH) has requested a budget of about $27 million, but it's doubtful that Congress will appropriate the full amount. Other countries are spending considerably less. What's wrong with this picture?

Though the thought that a computer virus is "more important" than a human virus may seem quite a stretch to many of my readers, clearly our machines are getting a better deal than their human counterparts.

August's attacks on computers are estimated to have impacted about 40 million individual machines. Two decades of HIV now infect an estimated 52 million individuals. (The Australian Federation of Aids Organisation says that on June 4, 2003, the total reported number of cases of HIV was 52,330,246).

The computing industry has made a mint by co-opting the "virus" analog to describe rogue programming agents. The spam industry is making a mint by propagating these agents into our expensive machinery. Computer anti-virus research teams around the world labor intensely day and night to protect our systems. And, as customers in the virtual world of the Internet, we are obliged to pay them all for their excellent and dedicated efforts. After all, our livelihoods and our businesses rely upon these systems.

But, personally, I would gladly point my anti-virus dollars--or at least some portion of those dollars--in a substantially different direction. And that's why, for me, Microsoft's efforts and claims that they are "doing so much" continues to ring hollow to my ears.

Author's Note: We received a tremendous response to last week's article "Time to Recall MS Windows?" Thank you! If you have comments or opinions on this week's column, please post them to the discussion forum at the end of this article.

Thomas M. Stockwell is Editor in Chief of MC Press. He can be reached at This email address is being protected from spambots. You need JavaScript enabled to view it..

BLOG COMMENTS POWERED BY DISQUS

LATEST COMMENTS

Support MC Press Online

$

Book Reviews

Resource Center

  • SB Profound WC 5536 Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application. You can find Part 1 here. In Part 2 of our free Node.js Webinar Series, Brian May teaches you the different tooling options available for writing code, debugging, and using Git for version control. Brian will briefly discuss the different tools available, and demonstrate his preferred setup for Node development on IBM i or any platform. Attend this webinar to learn:

  • SB Profound WP 5539More than ever, there is a demand for IT to deliver innovation. Your IBM i has been an essential part of your business operations for years. However, your organization may struggle to maintain the current system and implement new projects. The thousands of customers we've worked with and surveyed state that expectations regarding the digital footprint and vision of the company are not aligned with the current IT environment.

  • SB HelpSystems ROBOT Generic IBM announced the E1080 servers using the latest Power10 processor in September 2021. The most powerful processor from IBM to date, Power10 is designed to handle the demands of doing business in today’s high-tech atmosphere, including running cloud applications, supporting big data, and managing AI workloads. But what does Power10 mean for your data center? In this recorded webinar, IBMers Dan Sundt and Dylan Boday join IBM Power Champion Tom Huntington for a discussion on why Power10 technology is the right strategic investment if you run IBM i, AIX, or Linux. In this action-packed hour, Tom will share trends from the IBM i and AIX user communities while Dan and Dylan dive into the tech specs for key hardware, including:

  • Magic MarkTRY the one package that solves all your document design and printing challenges on all your platforms. Produce bar code labels, electronic forms, ad hoc reports, and RFID tags – without programming! MarkMagic is the only document design and print solution that combines report writing, WYSIWYG label and forms design, and conditional printing in one integrated product. Make sure your data survives when catastrophe hits. Request your trial now!  Request Now.

  • SB HelpSystems ROBOT GenericForms of ransomware has been around for over 30 years, and with more and more organizations suffering attacks each year, it continues to endure. What has made ransomware such a durable threat and what is the best way to combat it? In order to prevent ransomware, organizations must first understand how it works.

  • SB HelpSystems ROBOT GenericIT security is a top priority for businesses around the world, but most IBM i pros don’t know where to begin—and most cybersecurity experts don’t know IBM i. In this session, Robin Tatam explores the business impact of lax IBM i security, the top vulnerabilities putting IBM i at risk, and the steps you can take to protect your organization. If you’re looking to avoid unexpected downtime or corrupted data, you don’t want to miss this session.

  • SB HelpSystems ROBOT GenericCan you trust all of your users all of the time? A typical end user receives 16 malicious emails each month, but only 17 percent of these phishing campaigns are reported to IT. Once an attack is underway, most organizations won’t discover the breach until six months later. A staggering amount of damage can occur in that time. Despite these risks, 93 percent of organizations are leaving their IBM i systems vulnerable to cybercrime. In this on-demand webinar, IBM i security experts Robin Tatam and Sandi Moore will reveal:

  • FORTRA Disaster protection is vital to every business. Yet, it often consists of patched together procedures that are prone to error. From automatic backups to data encryption to media management, Robot automates the routine (yet often complex) tasks of iSeries backup and recovery, saving you time and money and making the process safer and more reliable. Automate your backups with the Robot Backup and Recovery Solution. Key features include:

  • FORTRAManaging messages on your IBM i can be more than a full-time job if you have to do it manually. Messages need a response and resources must be monitored—often over multiple systems and across platforms. How can you be sure you won’t miss important system events? Automate your message center with the Robot Message Management Solution. Key features include:

  • FORTRAThe thought of printing, distributing, and storing iSeries reports manually may reduce you to tears. Paper and labor costs associated with report generation can spiral out of control. Mountains of paper threaten to swamp your files. Robot automates report bursting, distribution, bundling, and archiving, and offers secure, selective online report viewing. Manage your reports with the Robot Report Management Solution. Key features include:

  • FORTRAFor over 30 years, Robot has been a leader in systems management for IBM i. With batch job creation and scheduling at its core, the Robot Job Scheduling Solution reduces the opportunity for human error and helps you maintain service levels, automating even the biggest, most complex runbooks. Manage your job schedule with the Robot Job Scheduling Solution. Key features include:

  • LANSA Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.

  • LANSAWhen it comes to creating your business applications, there are hundreds of coding platforms and programming languages to choose from. These options range from very complex traditional programming languages to Low-Code platforms where sometimes no traditional coding experience is needed. Download our whitepaper, The Power of Writing Code in a Low-Code Solution, and:

  • LANSASupply Chain is becoming increasingly complex and unpredictable. From raw materials for manufacturing to food supply chains, the journey from source to production to delivery to consumers is marred with inefficiencies, manual processes, shortages, recalls, counterfeits, and scandals. In this webinar, we discuss how:

  • The MC Resource Centers bring you the widest selection of white papers, trial software, and on-demand webcasts for you to choose from. >> Review the list of White Papers, Trial Software or On-Demand Webcast at the MC Press Resource Center. >> Add the items to yru Cart and complet he checkout process and submit

  • Profound Logic Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application.

  • SB Profound WC 5536Join us for this hour-long webcast that will explore:

  • Fortra IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn: