Officials issue Sobig virus subpoena; Attack fails
The next wave of the virus, which some security companies predicted would come at 3 p.m. Friday, failed to flood networks with more messages. Sixteen of the 20 server computers identified as targets for the new attack had been shut down to help stop the virus and others didn't respond, anti-virus software maker Symantec Corp. said in a statement.
Security companies cracked the code and worked with government agencies to disconnect the machines. Sobig has infected networks of FedEx Corp., Starbucks Corp. and AOL Time Warner Inc., and the states of New Jersey, Pennsylvania and North Carolina. The New York Times Co. said computers at its offices in New York City "experienced difficulties" shortly after noon yesterday. The company wouldn't say for certain that Sobig was the cause.
The virus, which has sent almost 100 million junk e-mails since its discovery this week, was supposed to connect to the 20 server computers in the United States and Canada, prompting them to contact infected personal computers worldwide and have them retrieve and run a program, according to Mikko Hypponen, head of virus research at F-Secure Oyj.
The virus will try to do the same thing every Friday and Sunday until it expires Sept. 10, Stephen Trilling, senior director at Symantec, said on a conference call.
"It's always difficult to predict how these things are going to play out," he said.
Analyzing the code will help the FBI catch the people behind Sobig, spokesman Bill Murray said. The probe is being led by the FBI field office in New Haven, Conn., he said.
Internet service provider Easynews.com received a subpoena and provided information to the FBI as part of the investigation, co-owner Michael Minor said. Officials are looking for information about one of its users, he said. The Washington Post reported that the FBI and Department of Homeland Security have narrowed their search for the source of the virus. Murray declined to comment on the Post story.
Computer-security experts have been working since Monday to eradicate Sobig, which sends junk e-mails to home and business computers. Sobig has hit home users harder than corporations, most of which are able to afford the latest anti-virus software and to hire companies to fight the virus.
Thursday, the virus reached computers at National Public Radio. Employees have been told to avoid downloading material from Web-based e-mail programs, said Jenny Lawhorn, an NPR spokeswoman. NPR also has had difficulty keeping the Web site updated because of the worm, she said.
"It is certainly devious on the part of the creator," said Mark Sunner, chief technology officer of MessageLabs Inc., a New York-based computer-security company whose clients include the Federal Reserve.
The New York Stock Exchange, which hasn't experienced any problems with Sobig, has prepared for any problems that may come from the worm yesterday, said spokesman Richard Adamonis. He wouldn't elaborate.
"We are restricting access to certain Web sites, such as Yahoo mail and Hotmail, and external sites like those where the virus might be found," said Melissa Fox, a spokeswoman for the Nasdaq Stock Market.
Nasdaq has gotten 64,000 spam e-mails sent to Nasdaq.com addresses carrying the virus that have been blocked by anti-virus software, Fox said.
"I can count the total number of virus writers who have been caught on my fingers," said Chris Belthoff, senior security analyst at Sophos Inc., a closely held computer-security company based in Lynnefield, Mass.
Experts say computer users need to be careful about downloading e-mail attachments because of Sobig. Companies and individuals also need to make sure that their antiviral software is up to date before a new Sobig attack may begin.
"It's not something to be complacent about," said Ian Hameroff, security strategist at software maker Computer Associates International Inc. "We could see slowdowns in traffic."
So far, Sobig has been more of an annoyance than a threat.
"My biggest problem is that most of the mail sent overnight doesn't reach me because my mailbox reaches its limit while I sleep and bounces legitimate messages back to senders," said Jim Romenesko, who runs a media news website, in an e-mail Thursday. "I've been deleting well over 1,000 of the Sobig emails daily."
The 2,000-employee Federal Communications Commission had some slowdowns in its e-mail, said spokesman David Fiske. Dollar General Corp. experienced slower systems, but no major problems, said spokeswoman Andrea Turner.
"It's been more of an inconvenience," she said.
The worm affects computers running Microsoft's Windows operating system, which powers more than 90 percent of all PCs.
"All week, we've seen an incredibly high number of worms running on the Internet, and the filters that we have have been very busy," said Dave Johnson, a spokesman for AT&T Corp., which operates one of the biggest Internet networks.

