Sobig Worm Wreaks Havoc

Zooropa

Several Internet worms that have besieged computers for over a week have played havoc again, including one called Sobig.F whose aim was to turn PCs into spam machines and was believed to be the fastest growing virus ever, experts said.
Sobig.F drops software onto infected Windows computers that opens them to be used later for distributing Internet spam -- unwanted e-mails and product promotions, experts said. It also represents a new trend in converging e-mail spamming and virus software writing, they said.
"We believe (Sobig.F) has been written by a spammer or spammers" looking for ways to get past spam filters, said Mikko Hypponen, manager of anti-virus research for Finnish security firm F-Secure. "For once, we have a clear motive for a virus -- money."
Security experts said it was difficult to ascertain how many computers had been infected by the Sobig.F worm. Worms are viruses that spread through networks.
Internet service America Online, however, said it blocked about 11.5 million copies while security firm MessageLabs stopped more than 1 million copies within the first 24 hours and dubbed Sobig.F the fastest growing e-mail virus ever.
Sobig.F hit the computing world as corporations were still recovering from several worms that spread through holes in Microsoft Corp.'s Windows operating systems, including the "Blaster" worm. Also called "LovSan," it has infected and crashed hundreds of thousands of computers since last week.
The "Welchia" or "Nachi" worm, which surfaced on Monday, infected 72,000 computers used by the U.S. Navy and Marine Corps and crippled Air Canada's reservation counters and call centers.
CSX Transportation said on Wednesday that a virus infection had slowed its dispatching and signal systems, forcing it to halt passenger and freight train traffic, including the morning commuter train service in Washington, D.C.

Sobig.F hit home users particularly hard, experts said. It arrives in an e-mail with an attachment that when opened infects the computer and sends itself on to other victims using a random e-mail address from the address book, making it difficult to trace the worm back to its source.
The Sobig family of worms represents a new trend in the convergence of worm and spam techniques for more widespread and faster deployment, experts said.
Virus writers are utilizing software that spammers employ to send bulk spam messages. Conversely, spammers are starting to use methods incorporated by virus writers to spread their messages and avoid detection, said Brian Czarny, marketing director at e-mail security company MessageLabs.
Previous Sobig versions loaded a program onto infected PCs that broadcast spam to other computers, thus turning the PCs into so-called "spam relays."
Sobig.F downloads a Trojan onto infected computers, which could later be remotely activated to send spam, experts said.
"There are computers scanning the Internet for open relays so spammers can jump from one machine to the next and be able to send millions of spam messages and have them not be traced back to them or be blocked," said Jimmy Kuo, research fellow at anti-virus vendor Network Associates Inc.
Sobig.F, which expires on September 10, is spreading quickly because it sends multiple e-mails simultaneously and spreads to other computers on a shared network, said experts, who predict there will be another version in the near future.