BEIJING, 24 August 2003 — Millions of computers across China were feared infected by the Sobig.F Internet worm yesterday, as the virus’ rampage through the United States appeared to slow.
Business executives and officials in China estimated that 30 percent — around 20 million — of the country’s poorly protected Internet users may have been attacked by the virus.
China’s growing online population has been easy prey for Sobig.F, which has exploited a low level of awareness and a widespread absence of efficient anti-virus software to infect computers across the country.
“We’ve never seen anything like it,” said Hao Ting, a spokeswoman for Beijing Rising Technology, an Internet security company.
“People, who may not be totally aware of the danger, simply open their e-mail and don’t discover it’s a virus until it’s too late,” she said.
Sobig.F, a “worm” virus so called for its ability to infect computer operating systems without human intervention, multiplies by using e-mail addresses it finds in infected computers. Experts have warned it is the fastest propagating system yet encountered.
The virus does not paralyze a particular computer but it does considerably slow the machine’s network and can grind servers to a halt with unsolicited e-mails known as “spam.”
Beijing Rising Technology arrived at the estimate that 30 percent are hit by the virus by analyzing data such as the massive number of customers with questions in recent days, she said.
Recent statistics show that China had 68 million Internet users by the end of June, putting the world’s most populous nation second behind the US in terms of people online.
The China National Computer Virus Emergency Center, a unit under the Ministry of Public Security, was working overtime this weekend trying to contain Sobig.F.
“This virus is very serious,” said Zhang Jian, a software engineer with the center based in Tianjin, a city near Beijing. “Currently, all I can say is the virus is spreading very fast.”
“The computers don’t have effective protection, and once one computer is affected it becomes the source of the further spread of the virus,” said Zhang, adding cyber-bug busters were confident of halting the spread within a week.
While Chinese engineers were struggling to combat Sobig.F, their counterparts in the US were confidently reporting the worm had been turned.
“The news is good,” Vincent Weafer of the Symantec computer safety products company told CNBC cable news. “At this time there is nothing harmful coming out of the 20 servers that were transmitting the virus.” MessageLabs, a similar company, said the 20 servers that could transmit the virus had been cut out of the network.
Computer protection specialists toiled through the day to stem the “epidemic” by repairing the 20 servers the virus had used to stuff innumerable e-mail boxes with infectious messages.
CNBC said the FBI was on the case, but was for the moment without clues to the perpetrator.
Mark Sunner, the chief technology officer at MessageLabs, said the company had detected more than 3.5 million copies of the virus since Aug. 18. “In the first 24 hours we intercepted over a million,” said Sunner. “It’s actually unprecedented.” So far it has mainly affected North America and Europe, said MessageLabs.
Sunner said the worm remained voracious but was slowing. “One out of every 42 e-mails has the virus now. At its peak in the first 24 hours it was one out of 17.”
According to the MessageLabs expert, the new Sobig.F virus is stronger than Sobig.A and Sobig.B and other earlier versions that have appeared since January.
Although its transmission seemed to be slowing late Friday, the Sobig virus was expected to be widespread for several weeks, Sunner said, adding it was set to deactivate Sept. 10.
