ITSD Computing and Communications Services News
August, 2003

CCS News Home
Back Issues
Computer Security
Help Request
Software Downloads
Computer Backups
Buy a Computer
Suggestion Box
Email
Calendar
Onsite Computer Training
ITSD
CIS
ISS
NTD
TEID
  Sobig Worm Floods Email Systems, but Virus Wall Keeps Lab Systems Safe

Image of a 'computer worm'

The SUSPECTED SPAM messages started with a trickle Monday, became a torrent on Tuesday and remained a steady stream all week as a result of a reinvigorated worm known as Sobig.F. The Lab’s Virus Wall scrubbed the worm from 30,883 messages on Tuesday, Aug. 19, alone. Some employees found hundreds more waiting in their inboxes on Wednesday morning.

“Fortunately, our perimeter anti-virus system kept this worm from spreading to Lab computers, as well as from being spread from LBNL systems to others,” said Mark Rosenberg, head of the Computing Infrastructure Technologies Group. “This incident, along with the Blaster virus, demonstrates the importance of keeping anti-virus software current, whether on large systems or individual desktop computers.”

Although spread by email to infect Windows systems, Sobig.F messages inundated email applications running on PCs, Macs and UNIX/Linux systems. However, not everyone was affected. While some LBNL staffers received hundreds or thousands of messages caused by the worm, others reported just one or two.

Viruses and spam are different, but the trend is that spammers and virus writers are using many of the same techniques. Some email messages that contain viruses have characteristics that are very similar to spam messages, so they are both tagged by Brightmail and cleaned by the VirusWall. This does not mean that all viruses are spam, however. Unfortunately, unlike Brightmail, the current version of the Lab’s VirusWall software is unable to change the subject line to indicate that a virus has been cleaned from the message. Read more about this issue.

The resurgent worm was first detected in Europe, then spread around the world, infecting more than one million computers on Aug. 19, according to Trend Micro, a firm that sells anti-virus systems – including the Lab’s VirusWall. Their research showed that Europe was hardest hit, with 778,000 infections, while the U.S. recorded 274,000.

For more information, read the Trend Micro report. If you have questions or comments about this worm, contact the Help Desk at xH-E-L-P, help@lbl.gov or http://www.lbl.gov/help.