25 August 2003

Further evidence has emerged about how the Sobig-f virus was propagated, strengthening investigators’ belief that it was written by spammers, possibly with links to organised crime.
The US Federal Bureau of Investigation (FBI) has tracked down the source of the virus to a posting on an ‘adult’ newsgroup, which had promised pornographic images, but which instead downloaded the virus on to unwary users’ PCs.
The posting was made via an account set up on Phoenix, Arizona-based Easynews. “It looks like the original variant was posted through us to Usenet on the 18th,” said Michael Minor, the company’s chief technology officer.
When the unwary users had downloaded the file, their Microsoft Outlook contacts were emailed with copies of the virus, helping the outbreak to explode around the world within hours.
According to the FBI, the virus writer used stolen credit card details to establish an account with the Arizona-based company just seven minutes before unleashing the virus. The account was set up from a compromised PC belonging to someone in British Columbia.
Computer security experts have been working round the clock in the last week to quell the outbreak and, in particular, to take down the 20 web sites the virus was programmed to contact at the weekend. The web sites contained Trojan horse software similar to that found on the British Columbian’s PC.
The experts believe the people responsible for the virus would then have used the compromised machines to spam with impunity, getting round the increasingly effective anti-spam blacklist operated by organisations such as the Spam Prevention Early Warning Systems (SPEWS).