When Mark Sunner, chief technology officer at e-mail security company MessageLabs, first saw the computer worm “Sobig.F” on Monday, he knew it was trouble.

On an electronic map in the company's New York headquarters, he watched tiny lights, representing the spread of the virus, move across the map as the sun rose. But the real problem, said Sunner, is that Sobig.F represents the future of computer viruses.

“This is the fastest-growing e-mail virus of all time,” Sunner said. MessageLabs, which scans 17 million e-mails per day for 6,500 businesses, detected a Sobig.F infection in one of every 17 e-mails scanned when the virus peaked Tuesday. The previous peak infection rate was one in every 125 e-mails for the “Klez” virus last year.

This has been a big month for “fastest-growing” computer viruses and worms. Last week, the “Blaster” worm infected at least 500,000 computers worldwide, forcing the Maryland Motor Vehicle Administration to shut its offices for a day and jamming computer networks around the world.

The “Welchia” or “Nachi” worm, which appeared earlier this week and is designed to protect computers against Blaster, brought down the check-in system at Air Canada and infiltrated unclassified computers on the Navy-Marine intranet, a first for computer viruses. CSX Corp., the third-largest U.S. railroad, Wednesday reported a computer virus slowed or halted service on its 23,000-mile eastern U.S. network, forcing cancellation of some Washington-area trains and causing delays averaging six to 10 hours.

Computer security experts say the recent upsurge in virus activity is not a sign of anything new. Instead, it’s the culmination of a trend that has been building for years as virus programmers have become more adept at creating malicious programs, and software companies have sold products increasingly vulnerable to attack.

“Virus writers are getting better at taking advantage of the first 24 hours of a virus, when we don’t know how to stop it,” said Brian Czarny, marketing director of MessageLabs.

“And they are learning how to use spamming techniques to better spread viruses.”

The Sobig.F worm, which is programmed to expire Sept. 10, comes on the heels of other Sobig viruses that have proliferated since January, each lasting about one month. If trends continue, an improved Sobig.G could appear later that month.

This month’s computer attacks follow a pattern: Virus activity tends to surge in the summer when college students have time on their hands, said Ken Dunham, malicious code intelligence manager for Reston-based iDefense Inc. But the intent may be changing.

“People who write malicious code were traditionally interested only in notoriety,” he said. “But lately we’re seeing viruses motivated by ideology or criminal intent. Malicious code has been used for identify theft, bank scams or to take over control of other people’s computers.”

A wide-reaching virus launched last year by students in India upset about political developments in the Kashmir region overloaded Pakistani computer servers, and infected thousands of others around the world. One aspect of Sobig.F that may indicate it is driven by profit motives, said Sunner, is that it places a “Trojan horse” on infected drives allowing spammers to use unsuspecting computers to distribute millions of unwanted e-mails around the world.

And things could get worse.

“There’s nothing stopping someone from taking Blaster or Sobig.F and making it delete all your files or change software on your computer so it no longer works,” said Fred B. Schneider, director of the Information Assurance Institute at Cornell University. “We’re getting dangerously close to a world where hostile viruses are much more prevalent.”

POORLY DESIGNED SOFTWARE BLAMED

But the main cause of virus prevalence, say computer experts, is poorly designed software. The Blaster worm was created to take advantage of a vulnerability in Microsoft’s operating system, particularly targeting Windows XP, Windows 2000, Windows NT and Windows Server 2003. Such vulnerabilities exist because software is distributed without appropriate amounts of testing and because software vendors increasingly create new functionalities that invite infection, they said.

“The idea of a mail message that contains a program with lots of bells and whistles is a really cool idea,” said Marty Lindner, of the CERT coordination center at Carnegie Mellon University. “But when you realize that a bad guy can use those bells and whistles for other purposes, that idea isn’t as cool as it used to be.”

In a sign of what may become a trend, Microsoft announced last year a slowdown in software development so programmers can comply with a new “trustworthy computing initiative.” The move has been applauded by security experts, but it carries costs.

“Software that is secure tends to be harder to use,” Schneider explained. “Now you have to type more passwords, you’re restricted in what tools you can use in which programs, you’re not completely free to store things where you want. When burglaries start in your neighborhood, you start putting locks on your doors. The problem is, one day you’ll probably get locked out.”

Analysts also note that the increased costs of producing more secure software may be passed onto consumers, and the pace of innovation in technology may slow.

But the biggest changes may be in attitudes.

“E-mail systems are generally trusting,” said David Sklar, a technology adviser and author of computer programming books. “But if a ‘software Chernobyl’ occurs, it will force us change our assumptions about technology. We’ll start putting up more walls, and thinking that computers should have the same level of reliability we demand from food or cars or fire-retardant pajamas.

“But innovations in car design don’t happen very frequently because of the liabilities that are part of change. There’s a trade-off between usefulness and protectiveness. Most people are not aware of that trade-off, but they’ll have to begin making more choices.”

Close

Today's Top News		Top China News
+Commentary: Don't meddle with yuan ( 2003-09-02) +200,000 troops to be cut by 2005 ( 2003-09-02) +Beijing Games marketing plan launched ( 2003-09-02) +Flood forces 10,0000 to evacuate ( 2003-09-02) +Beijing courts announce 50 major changes ( 2003-09-02)		+200,000 troops to be cut by 2005 ( 2003-09-02) +HK, Macao embrace mainlanders ( 2003-09-02) +Flood forces 10,0000 to evacuate ( 2003-09-02) +Beijing courts announce 50 major changes ( 2003-09-02) +Comment: No tolerance for evil ( 2003-09-02)