|
Virus-detection software running on two key e-mail servers worked overtime
this month as a flood of bogus attachments flooded the Internet.
The most notorious of the recent viruses, Sobig.F, was estimated to have
infected one in every 17 e-mail messages sent across the Internet on August
19.
However, most people at Dartmouth were spared from infection, if not from a
torrent of messages with such ironic subject lines as: [Virus?]: Re: Thank
you!
The scanning software, known as Sophos, compares the code of e-mail
attachments against its internal list of patterns indicating virus infection.
The software is updated frequently to maintain an up-to-date list of virus
definitions.
Sometimes those updates arrive in the nick of time. Sophos received an
update for the Sobig.F virus at 6:40 a.m. on August 19. The first reported
"catch" of a Sobig.F virus occurred 35 minutes later. By 6:30 p.m.,
Sophos had detected and removed 36,370 instances of the virus.
The load slowed down delivery of some messages, but a quick configuration
change helped reduce the bottleneck, while handling an ever-growing volume of
traffic: The total number of viruses intercepted by Sophos had doubled to
74,217, with Sobig.F accounting for 73,517. (Volume is still heavy at month's
end, with more than 40,000 viruses being intercepted.)
It's easy to spot a scrubbed message in your In Box: The subject line starts
with [Virus?]. Opening the message reveals a note generated by Sophos stating
that a virus was detected in the message attachment.
For viruses other than Sobig.F, a message is also sent to the address that
generated the infected attachment (Sobig.F forges the return address on its
messages, so a notification to sender is more often confusing than
helpful).
Got a bug? See related article: Virus
Removal Tips
Questions regarding Sophos? Contact help@dartmouth.edu for more
information.
|
