Week in review: So long Sobig? Not so fast

Security researchers believe that the creator of the mass-mailing computer virus won't stop with Sobig.F--the money may be too good.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
6 min read
Think the threat of the nasty Sobig mass-mailing virus has passed? Think again.

Security researchers believe that the creator of the Sobig mass-mailing computer virus won't stop with Sobig.F--the money may be too good. The Sobig viruses, the first of which started spreading in January, are designed to load special software that can make spam anonymous on people's PCs. The tens of thousands of computers infected by the virus can then be used by bulk e-mailers to send unsolicited messages that can't be tracked.

"It is very well planned, very well designed and very well executed," said Mikko Hypponen, director of antivirus research for security company F-Secure. Hypponen believes that the virus' author likely sells the list of compromised PCs to spammers. "For once we have a virus with a very good motive: money."

Sobig.F hit the Internet hard in mid-August, clogging e-mail systems with messages that bear copies of the virus. The Sobig.F virus spreads by harvesting e-mail from Web pages and from an infected computer's address book.

The FBI said earlier in the week it was "confident" it would capture those responsible for creating and spreading the Sobig.F virus and the MSBlast worm. Indeed, on Friday, it made an arrest in the MSBlast case. The those who are responsible for creating and spreading the Sobig.F virus and the MSBlast worm, and on Friday was poised to annnounce an arrest in the MSBlast case. "We are working with the Department of Homeland Security and with state and local law enforcement on our Cyber Task Forces to track down the perpetrators of Sobig and the recent W32/Blaster worm," FBI Director Robert Mueller said in a statement. "We employ the latest technology and code analysis to direct us to potential sources, and I am confident that we will find the culprits."

Despite law enforcement's efforts, threats still lurk on the Net, and not all of them are the result of malicious intent. Network hardware maker NetGear warned its customers of a flaw in some of its router products that set off an accidental denial-of-service attack on the University of Wisconsin.

The problem occurred because of a flaw in a method commonly used by network devices to contact special "time" servers that pass on the correct time and date. The flawed routers work fine until one of their periodic requests for the correct time goes unanswered. If, for whatever reason, the time server is unavailable, the flawed router will continue sending requests until it is answered.

Sue you, sue me
A group of small Webcasters filed an antitrust suit against the Recording Industry Association of America, alleging that the trade association tried to push independent music stations offline. The Webcaster Alliance has been threatening to sue the RIAA for months, after Congress ratified royalty rates for Internet radio stations that many small operators said will drive them out of business. The existing rates were negotiated between a small, unrepresentative group of Webcasters and the RIAA, and are aimed at eliminating competition, the alliance members said.

Webcasting royalty rates have proved to be an enormously contentious topic for years. A small group called the Voice of Webcasters is negotiating with the RIAA, which set royalty rates at a percentage of revenue instead of a flat fee per song. Some Webcasters found the new model better, but others--particularly those who had been left out of the negotiations--cried foul.

The RIAA said the lawsuit was groundless and did not comment on the details.

For its part, the industry group pointed a battalion of legal artillery at the sole Kazaa user fighting the association's attempts to identify file swappers, saying she was indisputably a major copyright infringer. In papers filed with a federal court in Washington, the RIAA said it did not oppose the anonymous Kazaa user's request to fight the subpoena seeking her identity, but that any such motion should be filed immediately.

Previously, "Jane Doe's" attorneys had asked for more time to prepare their case, arguing that the RIAA subpoena violated her privacy and other constitutional rights. The latest round of briefs also gave new insight into exactly what kind of evidence the group would level against accused file swappers in court.

The RIAA, record labels and Hollywood studios are gaining allies in a quest to overturn a court ruling that said file-swapping software companies aren't responsible for the copyright infringement of their users. Several groups, including a list of legal scholars, international copyright organizations, legal music services and other copyright-holder groups filed "friend of the court" briefs asking that an April ruling upholding the legality of file-swapping services such as Grokster and StreamCast Network's Morpheus be overturned.

Tech in court
The RIAA wasn't the only tech player embroiled in legal maneuverings. The California Supreme Court ruled that a Web publisher could be barred from posting DVD-copying code online without infringing his free-speech rights.

The state's high court overturned an earlier decision that said blocking Web publishers from posting the controversial piece of software, called DeCSS, which can be used to help decrypt and copy DVDs, would violate their First Amendment rights. An industry technology coalition called the DVD Copy Control Association had sued dozens of people in California courts, contending that posting the software online violated its trade-secrets rights.

Spammers came under fire from two tech giants that were hoping to stem the tide of unwanted bulk e-mail. Amazon.com filed 11 lawsuits aiming to bar Internet marketers from sending e-mail forgeries under Amazon's name. It is seeking millions of dollars in punitive damages.

The suits are part of an initiative at Amazon to thwart e-mail forgeries of its name, or what's known as "spoofing." E-mail spoofing is the practice of concealing the e-mail senders' identity with that of a third party, in order to make the e-mail more desirable to open and to deflect the ability to trace the sender.

EarthLink's spam salvo was a lawsuit filed against the "Alabama Spammers," an unidentified group it alleges used its access service to send massive amounts of junk e-mail. The ISP is seeking an injunction and damages against defendants who "engaged in a massive scheme of theft, spamming and spoofing," with the use of stolen credit cards and unauthorized use of Net access accounts, according to the complaint.

The company said the name Alabama Spammers refers to the group's frequent use of phone lines in Birmingham to illegally connect to EarthLink POP (Post Office Protocol) accounts in that area. EarthLink said as many as 100 individuals could be involved in the spamming ring in Alabama and British Columbia, and they've sent as many as 250 million e-mail messages on its network.

Mergers and e-mails
Recently unsealed internal e-mails from Oracle executives outline the company's strategy and thoughts in its effort to acquire PeopleSoft in a hostile takeover, PeopleSoft said. The release of Oracle's documents and internal e-mails--two from high-ranking Oracle executives--mark the latest turn of events in the escalating fight between the two software applications companies over Oracle's hostile takeover bid.

In its lawsuit, PeopleSoft noted that although Oracle executives had indicated that PeopleSoft products would be placed in "maintenance mode," Safra Catz, a high-level Oracle vice president, said in an internal e-mail, "We really won't be continuing their product line." Oracle, however, said that the comments were taken out of context.

Oracle may be pressing on with a nearly 3-month-old unfriendly quest to buy PeopleSoft, but to PeopleSoft CEO Craig Conway, Oracle's bid is all but dead. "I truly believe--and I'm not being a peacock and spreading my feathers--that the Oracle saga is over."

In an interview with CNET News.com, Conway said Oracle's $7.25 billion tender offer for his company is no longer much of a concern to him. "I don't spend any time on it anymore," he said.

Despite those pronouncements, PeopleSoft has restarted a customer refund program that's designed to counter the potential damage to its sales from Oracle's hostile buyout offer. PeopleSoft introduced the money-back guarantee last quarter. Under the program, PeopleSoft customers that purchase new software would be owed a refund of two to five times the cost of their software license fees if PeopleSoft were acquired and the acquiring company stopped selling its products. http://news.com.com/2100-1012-5068429.html

Also of note
IBM and the University of Texas at Austin plan to collaborate on building a processor capable of churning out more than 1 trillion calculations per second --faster than many of today's top supercomputers...Apple Computer's new Power Mac G5 may be the fastest Macintosh around, but it is less able than its predecessors to run Microsoft Windows software because Virtual PC doesn't support the G5...A denial-of-service attack took down the Web site of SCO Group, which is caught in an increasingly acrimonious row with the open-source community over the company's legal campaign against Linux.