News > Technology
SoBig worm not slowing down yet
Security firm: Worm not seeing normal drop-off; returning vacationers could bring new spike Monday.
August 21, 2003: 4:36 PM EDT

NEW YORK (CNN/Money) - Businesses and other computer users haven't seen the worst of the SoBig worm, which may have caused an estimated $50 million in damage already, computer security experts said Thursday.

Mark Sunner, chief technology officer of MessageLabs, a leading e-mail security firm, said that normally viruses, worms and other computer problems peak on the first day as software makers rush to get patches to their clients. But the SoBig worm, which has been cramming e-mail in-boxes with spam, has not abated much since it surfaced Monday.

"We expect these to drop off on the second day, but we're not seeing that this time," Sunner said. "The e-mail component built into SoBig is so efficient that it has just reached that critical mass where it's got fertile ground to continue to grow."

Sunner believes the virus will be brought under control but that it could be a major problem until the middle or end of next week.

"I would actually predict we'll see a real spike on Monday," he said. "With so many people on vacation this week, this has sat in [e-mail] trays waiting to strike, and these are the same users who won't have an up-to-date patch to address it."

John Pescatore, research director for Internet security and research firm Gartner Inc., said that even when SoBig is vanquished, the worm's success in causing problems means the spam attack mechanism is likely to be seen again.

Punish the wormers!!!

"Each new generation of viruses and worms choose from the most successful features of previous generations," he said. "Now that someone wrote a virus that runs around and writes spam, we'll know we'll see more like it in the future."

The only small silver lining for those who have been hit by the spam attack is anecdotal evidence suggesting that other forms of spam aren't getting through, said Pescatore.

The other break computer users got was that SoBig hit at a relatively slow time for e-mail traffic, with many people on vacation.

Nicholas Graham, spokesman for America Online, the world's largest Internet service provider, said the company can handle up to 500 million e-mail messages a day to its members, but that there are about 300 million to 350 million right now, even with SoBig.

Costs in tens of millions

MessageLabs' Sunner said most of the problems from SoBig involve the time and cost of cleaning the worm from computer systems, rather than lost files or the opening of files to outsiders on the Internet, which can be problems with many viruses.

Pescatore said that the cost of both technical support personnel and lost productivity by the computers' users can range from $500 to $1,000 for each infected machine.

Related Stories
Will anti-virus earnings be 'SoBig'?
E-mail deluge triggered by 'worm'
'Good' worm hits computers
Worm turns PCs into spam machines

"Even if SoBig comes in well below that, at $100 per machine, that's probably going to be $50 million," he said, using an estimate that 500,000 computers may have been infected already.

The SoBig worm is the latest in an outbreak that began 10 days ago with the so-called "Blaster" or "LovSan" worm which, by some estimates, infected more than half a million machines running the latest version of Microsoft Windows, the world's dominant operating system.

Viruses tend to be spread via e-mail, bogging down corporate e-mail systems in particular, destroying files and data on the computer they infect. Worms may be less destructive to the infected computer, because they need the infected computer itself to replicate. But they can slow or even halt operations by the strain they place on computer networks.

This week, the "Welchia" or "Nachi" worm surfaced. It masquerades as a benign program mean to fortify computers against Blaster. But it packs a punch, clogging computer networks, slowing Internet connections and even knocking systems offline.

Nachia's victims include the European engineering firm ABB, Air Canada, and the U.S. Navy and Marine Corps.

CSX Transportation, one of the largest railroads in the eastern United States, saw its communications systems hit by Blaster on Wednesday, hurting dispatch and signal systems and halting freight and passenger rail traffic in parts of the CSX system, including morning rush hour trains in Washington, D.C., as well as Amtrak.

But generally there have been few critical business systems shut down so far by this spate of worms and viruses, so most of the cost has been a matter of cleaning up.

Ferris Research estimates spam will cost U.S. businesses more than $10 billion in 2003, with spam accounting for 15 to 20 percent of inbound e-mail at U.S.-based corporations.

MessageLabs estimates SoBig could at least temporarily increase global e-mail traffic by as much as 60 percent. But Gartner's Pescatore said the cost of dealing with SoBig's additional spam is limited if it is a one-time and relatively short-term spike.

"Typically, the cost of spam is a long-term cost," he said. "A one-time flood of e-mail is fairly negligible compared to the cost of going around and cleaning up affected PCs and servers."  Top of page

Reuters contributed to this report

Honda teams up with GM on self-driving cars
The internet industry is suing California over its net neutrality law
Bumble to expand to India with the help of actress Priyanka Chopra
7 things to know before the bell
SoftBank and Toyota want driverless cars to change the world
Aston Martin falls 5% in its London IPO

graphic graphic