Dirty Dozen Viruses: August was a Banner Month
Central Command shows a single virus accounted for over three-quarters of all activity last month.
Central Command released its “dirty dozen” list of the worst viruses for August. Leading the list was Sobig.F, which accounted for about 77 percent of all virus activity during the month.
That won’t come as a surprise to anyone who’s opened their e-mail in the past few weeks. “At its peak, Sobig.F related emails accounted for nearly 73% of all e-mail,” says Steven Sundermeier, a Central Command vice president. Corporate e-mail suffered under the strain. “The extremely aggressive … nature of Sobig.F created significant volumes of email traffic, causing email networks around the world to collapse.” Many users faced delayed messages, or simply messages that never appeared.
Though the worm targeted specific Microsoft vulnerabilities to spread itself, it was the act of spreading that caused the most havoc. “From the moment when Sobig.F appeared, many people received notification about the worm from Internet Service Providers’ automatic anti-virus filters. The auto-generated notification informed users that copies of the worm have been detected in e-mail sent from their computers. At the same time, the anti-virus software installed by the users did not detect Sobig.F,” notes anti-virus vendor Kaspersky Labs. Of course, the worm forged “return” e-mail addresses, which added further e-mail traffic: bounce-backs in the form of “virus detected” or “user unknown” e-mails automatically generated by mail servers. Then there were the social engineering aspects: mountains of “stop spamming me!” e-mails flying between co-workers, which of course did no good.
All told, Kaspersky Labs says Sobig was the worst outbreak since October 2001.
No surprise, then, that the rest of the top five viruses and worms on Central Command’s list—Lovsan.A (Blaster), MiMail.A, Nachi.A, and Klez.E—accounted for but a small fraction of Sobig.F’s activity. Other Sobig variants also factored into the top 12, adding to the chaos. “The month of August turned into a plague of Internet worms affecting computer users worldwide,” says Sundermeier. “Multiple aggressive Internet worms made it the worst month in history for the number of infections reported, organizations [impacted], and lost productivity.” Central Command also reports 816 new viruses for the month.
Kaspersky says Sobig only accounted for about 62 percent of incidents it had seen last month. Worms overall, however, accounted for 90 percent of all incidents.
A banner month indeed.
About the Author
Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies columnist, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.