THE LESSON of the SoBig.F emal virus is that we're already in the opening stages of a war. (No, that's not a typo -- "emal" was coined by Mike Magee just the other day to mean "malicious email".) This stealthy war looks to be a long one because, so far, it appears we're losing.
Our existing Internet infrastructure can only react to attacks like the aggressive spam flood of SoBig.F and the Windows worm infestations that preceded it. The Internet just isn't yet capable of recognizing and defending against these and other modes of subversion in real time, and it likely won't be for quite some time, due to its simple protocols and distributed structure. The same characteristics that make the Internet so robust, efficient and highly flexible also make it vulnerable to such forms of attack. These attacks have already had sobering, even alarming consequences.
The deluge of spam generated by SoBig.F drove a 20-fold increase in Internet traffic about 10 days ago, as reported by NetworkWorldFusion. The virus carried a payload that attempted to contact 20 websites, presumably to access newer and nastier code. This "phone home" behaviour of SoBig.F was a bit alarming to some network security researchers, since it showed the sophistication of hybrid attack concepts. By exhibiting a form of zombie activity on top of the virus characteristic of propagating initially by email, it showed a higher level of malicious coding skill as well as a hint of goals.