So, So Big

It's official: The nettlesome SoBig.F computer worm is the fastest spreading in Internet history. (As if you didn't know from the thousands of e-mails that have been clogging your inbox.)

The sixth "variant"-a kind of worm mutation-of the SoBig family eclipsed its siblings in terms of the number of e-mails it infected and how quickly it propagated. SoBig sends massive amounts of e-mails from an infected machine to everyone in the computer's address book. That explains why you might be receiving thousands of e-mails even if your computer hasn't been bitten by the worm.

SoBig's author programmed it to launch what experts thought would be a major online attack Friday afternoon. The worm ordered computers it had infected to contact one of 20 other infected systems to download further instructions.

But law enforcement authorities and security companies raced over the weekend to find those 20 targeted systems, and they managed to disconnect most of them from the Internet. Security experts reported that machines infected with SoBig downloaded only an adult Web site address from one of the three remaining targeted systems, The Washington Post reported Sunday.

With all the media frenzy surrounding the worm and its anticipated attack, you may have lost perspective on what a historic event the worm's release has been. So, here are some vital statistics on how big SoBig is:

• Date worm began spreading: Tuesday, Aug. 19
• Number of e-mails infected to date: More than 5 million
• Peak infection rate: An estimated 1 in every 17 e-mail messages on the Internet contained the worm
• Previous infection rate record holders: Love Bug (1 in 20 e-mails infected); Klez (1 in 25 e-mails infected)
• How often SoBig sends out a mass mailing from an infected computer: Every 10 minutes
• Ratio of consumer infections to corporate infections: About 8 to 1
• Number of e-mails scanned by America Online-the largest Internet service provider-that contained the virus: About 22 million, as of last weekend
• Total number scanned by AOL: 38 million
• Number of computers infected: About 100,000
• SoBig "variants" that have been released: 6
• Variants still active: A and E (first and fifth variants)
• Suspected origin of the worm: Authorities believe it was first embedded in a pornographic photo posted on an Internet bulletin board (Usenet). Surfers that clicked on the photo became infected.

When will it all end? SoBig is programmed to stop mass e-mailing Sept. 9. But computers infected with the worm will still attempt to download information periodically from certain Web sites.

(Sources: Statistics complied from security research firms iDEFENSE Inc., MessageLabs and Symantec, as well as news media reports and interviews.)

Pushing Progress

Illinois Democratic Sen. Richard Durbin is building off the momentum from the congressional inquiry into Sept. 11 intelligence lapses to push for fusing federal intelligence databases and terrorist watch lists.

In late July, before Congress' August recess, the Senate approved a Durbin-authored provision in the Homeland Security appropriations bill that calls on Homeland Security Secretary Tom Ridge and the Office of Management and Budget to report to Congress on key ongoing information sharing efforts.

Within 60 days of the passage of the appropriations bill, Ridge and OMB would have to report on:

• Progress developing an enterprise architecture-a technology systems blueprint-to ensure that Homeland Security's information infrastructure can interface with department agencies and other federal, state and local entities.
• Consolidation of terrorist watch lists still maintained by a number of agencies.
• Status of Homeland Security's inventory of all the technology systems within the department.

Homeland Security was supposed to have accomplished one of those tasks already-consolidating the watch lists-and officials say they've been working on the remaining two areas since before the department was established this spring. Durbin said he's "not convinced" that officials are making enough progress.

Durbin's requirement would be the first of its kind to make agencies report specifically on information sharing initiatives related to Homeland Security and counterterrorism. The General Accounting Office has already detailed a number of technology shortcomings in those areas across government, particularly in the area of enterprise architectures. By and large, agencies have had little success writing architectures and implementing them, GAO has found.