Thursday, October 21, 2021

Quiet September Lets Security Industry Recharge

Despite only being active for 10 days in the entire month, the Sobig-F virus wreaked enough havoc to retain its place as one of the most destructive viruses for the month of September.

But regardless of Sobig-F and the other viruses active last month, September was fairly quiet in the malicious code world. And after August went down in history as the month with the most virus damage, September gave IT managers and anti-virus experts time to regroup and prepare for the next onslaught.

“With August, we had Blaster and Sobig and Nachi,” says Steven Sundermeier, a vice president with anti-virus company Central Command, Inc., based in Medina, Ohio. “September gave everyone a chance to catch up. We’re all trying to gear up for the next big virus, whether it’s the next Sobig or the Son of Blaster. We’re absolutely gearing up for the next big outbreak, and September let us do that.”

Two separate anti-virus companies ranked the latest Sobig variant in their infamous lists of the most malicious viruses in the wild.

Central Command put Sobig-F in its Number One spot, noting that it accounted for 67.5 percent of all virus attacks last month even though it was only active until Sep. 10. Sophos, Inc., an anti-virus vendor based in Lynnfield, Mass., put Sobig-F in its fourth spot, behind Gibe-F, Dumaru-A and Mimail-A.

“This shows how powerful Sobig-F was,” says Sundermeier. “In just the first 10 days of September it accumulated all of these attacks. If it hadn’t been deactivated on Sep. 10, you’d see that 67 percent looking more like 80 percent to 90 percent.”

Sobig-F is a mass-mailing worm that also can spread via network shares. Security analysts speculate that the virus caused so much damage because the whole string of Sobig viruses was designed to build on the inroads made by the previous variant. Sobig-E, for example, wormed its way into millions of computers and then left those doors open. Sobig-F went through those already open doors and then went from there.

The author of Sobig-F designed it so it would die out on Sep. 10. That is leading many security analysts to believe that the next variant in the Sobig family will soon be on its way. And if it builds on the malicious success of Sobig-F, analysts say the damage could be even worse.

The Gibe-C worm, also known as Swen, also caused its share of trouble last month.

Central Command ranked it in second place, noting that Gibe-C accounted for 8.6 percent of all virus attacks last month. Sophos, however, gave the virus its top malicious spot, saying they recorded that it accounted for 23.5 percent of all attacks.

Gibe-C played on computer users’ fears by disguising itself as a cumulative security patch sent out by Microsoft. The email closely mirrored Microsoft’s site and tricked people into downloading another virus.

While Gibe caused some mayhem, many security analysts have been expecting a huge hit. The next variant of Sobig was widely believed to be coming around the 9/11 anniversary. The next Blaster, often referred to as the Son of Blaster, has been lurking just off center stage.

But they didn’t hit last month.

Some analysts are wondering if virus writers are lying low, waiting for the crush of attention — both from IT managers moving quickly to patch their systems, and law enforcement moving to quickly lock up and prosecute malicious authors — to pass.

“My gut tells me they’ve kind of gone underground for a time,” says Dan Woolley, a vice president with Computer Associates. “The guys out there writing bad code have a lot of heat on them and they’ve gone underground a little. Maybe they’ll stay low till Christmas or the new year. This is just my gut feeling.”

Sundermeier agrees.

“That may very well be,” he says. “Word is getting out that charges will be brought.”

But Sundermeier doesn’t think the virus writers will be lying low for long.
