TALLINN - Like most people around the world, Estonians went to work August 20th only
to find their e-mail accounts clogged by hundreds of messages with such
common subject lines as "Thank You!", "Re:Details" , and "Re: That Movie."
But what looked like innocent messages from friends or colleagues turned out
to be the effects of the most contagious Internet virus ever.
Called "Sobig.F" because it is the sixth Sobig virus to be identified since
January 2003, the computer bug spreads when an unsuspecting user opens the
attachments of infected e-mails. The virus then forwards itself to all
e-mail accounts in that account's contact list, generating inordinate
numbers of e-mail messages, which fill inboxes, overload anti-virus
software, and create tremendous delays.
Sobig.F has been called the worst e-mail virus ever, and at its peak in late
August it accounted for 73 percent of all e-mail generated on Earth,
according to US-based Central Command, Inc., one of the world's leading
Ain Parmas, director of media relations for Elion, the provider of Estonia's
largest free e-mail service, www.hot.ee, described the e-carnage sustained
in Estonia during the outbreak.
"Sobig.f caused a 2 hour long delay at hot.ee system on Aug. 20 because
e-mail servers had to delete 1.25 million e-mails with the virus," said
According to Parmas, hot.ee and Elion's other e-mail servers have been
supplied with automatic anti-virus capabilities, which delete all infected
e-mails sent from and to @hot.ee e-mail addresses.
It was, however, the large quantity of infected e-mails that delayed the
In response to the virus, Elion had to double the number of e-mail servers
from 3 to 6 to allow the anti-virus software to function normally.
"Usually about 1.5 million e-mails go through hot.ee servers at weekends and
about 30,000 of them include viruses. On Aug. 21, the system deleted 2.1
million infected e-mails, and the total number of messages was 5.56
million," said Parmas.
After Aug. 21, the virus slowly began to decrease for hot.ee users.
In addition to Sobig.F, another virus called "Lovesan.A" or "MSBlast.exe"
caused more difficulties for Estonians by attacking Windows 2000 and Windows
2003 users and forcing some of their programs to either cease functioning or
to reboot perpetually.
Many Windows users came to work to find their computers rendered completely
useless due to Lovesan.A, which accounted for 7 percent of viruses worldwide
in August, but has also recently tapered off.
While the immediate crisis is now over, tech-loving Estonians have begun to
search in earnest for protective measures that could minimize the impact of
Elion in particular has seen an anti-virus program it introduced in May 2003
become increasingly popular in the past few weeks.
Dubbed "Anti-Virus", Elion and partner F-Secure Corporation have been
providing anti-virus assistance to residential customers and small
businesses that fear a new wave of viruses.
For a monthly fee of between 3 and 4.40 euros, subscribers can choose
anti-virus or firewall services or opt for both.
"These automated security services with updates will make it possible for
Elion customers to use e-mail and surf the Internet without the fear of
being hacked or infected by a virus," said Parmas.
While there are now only a few hundred subscribers, Parmas has seen a sudden
increase of interest in the service.
"The number of subscriptions is increasing quickly," he said.
While the increased use of anti-virus software has been one ramification of
the Sobig.F virus, Tonis Reimo thinks that it will take more than better
technology to ensure Estonia avoids similar difficulties in the future.
As CEO of Privador, Ltd., he directs a company that provides anti-viral
protection to many important Estonian clients, most notably the Estonian
"The most important step is to educate the people. Knowledge is the
solution," Reimo said.
"Until people are trained or educated to be aware about risks things like
this will continue to happen. Technology has its limitations when people do
not know what they are doing," he said.
While the government did suffer similar difficulties with Sobig.F, Reimo
says that his company managed to fend off this bout of viruses.
"Our customers were pretty much protected, but they had problems with e-mail
traffic. It took a few days until e-mails reduced," said Reimo.
As much as some experts stress awareness as a means of prevention, Parmas
thinks that anti-virus technology could help to thwart the spread of such
contagious viruses via the Internet.
"If all e-mail service providers had used automatic anti-virus, then the
spread of Sobig.F would have been minimal," said Parmas
He also warns that users should not think that Sobig.F is the worst kind of
virus they might face.
"There are a lot more serious threats than such viruses as Sobig.F on the
Internet," he said.
While Parmas assured his customers that Elion was equipped to deal with
potential dangers, he says the company cannot completely protect against
similar virus outbreaks in the future.
"If users are not aware of threats and do not use a personal anti-virus
program, then we can't guarantee with any technical means that none of our
users will be infected," he said.
While the origin of the Sobig.F virus is being tracked down by authorities
in the United States, where the virus supposedly originated in mid-August,
there are warnings that a virus even more powerful than Sobig.F could soon
spread to computers around the world.
According to Central Command, Inc., the Sobig.F virus has a built in timer
that schedules it to discontinue on September 10. Experts are worried that
the culprit who is circulating the virus could be planning the release of
the next one‹a "Sobig.G"‹in the very near future.
People like Parmas and Reimo who work in the Internet security industries
know that Estonia may become overwhelmed again by a similar virus in the
"August 2003 was probably one of the worst months for viruses. Certainly
people are more aware about viruses and other threats, but there is a long
way to go before all PCs are supplied with anti-virus in Estonia," said