[A] Anti-virus software often bounces a warning back to the sender of an infected e-mail, saying that the e-mail in question cannot be delivered because it contains a virus. SoBig. F was able to spoof this system by" harvesting" e-mail addresses from the hard disks of infected computers. Some of these addresses were then sent infected e-mails that had been doctored to look as though they had come from other harvested addresses. The latter were thus sent warnings, even though their machines may not have been infected.
[B] Blaster worked by creating a "buffer overrun in the remote procedure call". In English, that earns it attacked a piece of software used by Microsoft’s Windows operating system to allow one computer to control another. It did so by causing that software to use too much memory.
[C] Though both of these programs fell short of the apparent objectives of their authors, they still caused damage. For instance, they forced the shutdown of a number of computer networks, including the one used by the New York Times newsroom, and the one organizing trains operated by CSX, a freight company on America’s east coast. Computer scientists expect that it is only a matter of time before a truly devastating virus is unleashed.
[D] Most worms work by exploiting weaknesses in an operating system, but whoever wrote Blaster had a particularly refined sense of humour, since the website under attack was the one from which users could obtain a program to fix the very weakness in Windows that the worm itself was exploiting.
[E] One way to deal with a wicked worm like Blaster is to design a fairy godmother worm that goes around repairing vulnerable machines automatically. In the case of Blaster someone seems to have tried exactly that with a program called Welchi. However, according to Mr. Haley, Welchi has caused almost as many problems as Blaster itself, by overwhelming networks with "pings" signals that checked for the presence of other computers.
[F] SoBig. F was the more visible of the two recent waves of infection because it propagated itself by e-mail, meaning that victims noticed what was going on. SoBig. F was so effective that it caused substantial disruption even to those protected by anti-virus software. That was because so many copies of the virus spread (some 500,000 computers were infected) that many machines were overwhelmed by messages from their own anti-virus software. On top of that, one common counter-measure backfired, increasing traffic still further.
[G] Kevin Haley of Symantec, a firm that makes anti-virus software, thinks that one reason SoBig. F was so much more effective than other viruses that work this way is because it was better at searching hard-drives for addresses. Brian King, of CERT, an internet-security centre at Carnegie-Mellon University in Pittsburgh, notes that, unlike its precursors, SoBig. F was capable of "multi-threading": it could send multiple e-mails simultaneously, allowing it to dispatch thousands in minutes.
42()
