All is quiet as deadline for Sobig attack passes

The Internet was quiet as the clock ticked past the scheduled start time for a massive, coordinated action by Microsoft Corp. Windows machines infected with the Sobig.F virus.

Beginning on Friday, antivirus companies warned of possible danger posed by an unknown program that Sobig machines were programmed to download and run beginning at 3 p.m. EDT.

Using atomic clocks associated with universities and governments around the world to coordinate their actions, the Sobig machines were scheduled to search a list of 20 Sobig.F servers that were individually hacked by the virus author and supplied with instructions to download and run a special file. [Please see Security company warns of possible new Sobig attack.]

Security experts warned about the possibility of denial of service attacks, as thousands of Sobig-infected machines were all pointed to a single Web site.

Virus authors could also instruct the infected machines to download a Trojan horse program, giving the author a back door into the infected system for future use, experts said.

The CERT Coordination Center in the U.S. and Europe as well as the U.S. Federal Bureau of Investigation were informed of the threat and worked to notify the Internet service providers (ISPs) that hosted the machines named by Sobig so that they could be taken off line, according to Mikko Hypp