A potentially crippling e-mail virus attack on the Internet appears to have been thwarted as computer security experts moved quickly to block traffic from targeted computers.
Sobig.F has become one of the most widespread viruses ever, crippling corporate e-mail networks and filling home users' inboxes with a glut of messages, before jetting copies off exponentially to ever more victims.
Both business and home computer users have struggled to fend off the automated attacks.Experts said the Sobig.F worm that has been clogging e-mail inboxes since Monday night included a hidden command directing infected computers to make contact with one of 20 host computers tonight.
The host computers direct the target computers, or zombies, to a Web address where they would download a program, experts said.
The worm spreads through e-mail when a user opens an accompanying attachment and sends itself to other e-mail addresses from the computer.
Experts did not know what that program would do, but worried that the timed attack would slow down Internet traffic.
Experts have speculated that Sobig.F was designed to turn computers into spam relay machines as previous versions of the worm did.
America Online, the world's biggest Internet service provider, had detected 21.6 million e-mails were infected with the Sobig.F virus, out of 38 million e-mails that were scanned yesterday.
The first copies of the Sobig.f virus were noticed on Monday morning and anti-virus firm MessageLabs has been stopping 12 emails per second ever since. MessageLabs said one in 17 e-mails sent around the world since Monday had been affected by SoBig.F.
Internet service America Online said it blocked 23.2 million copies of the worm from reaching its customers and e-mail security provider Postini said it quarantined 3.5 million copies.
The SoBig.F virus spreads when unsuspecting computer users open file attachments in e-mails that contain such familiar headings as "Thank you," "Re: Details" or "Re: approved."
Once the file is opened, SoBig.F resends itself to scores of e-mail addresses from the infected computer and signs the e-mail using a random name and address from the infected computer's address book, which makes tracing it back to the source extremely difficult.
Users who think they may have an email with the virus are urged not to double-click on the attachment.
The outbreak began 10 days ago with the so-called "Blaster," or "LovSan," worm which, by some estimates, infected more than 500,000 computers running Microsoft's Windows software, the world's dominant operating system.