August 22, 2003
Sobig.F Statistics
Tags: E-Mail

Probably the most widespread worm ever, Sobig.F continues to inundate the Internet. Fortunately for us, we've been blocking the worm at our e-mail server since Tuesday morning at 5:40 when we saw our first occurrence. Nevertheless, the worm has had a significant impact on our network.

We have been blocking viruses and worms at the e-mail server for approximately one year and keeping detailed statistics during that time. On average, we process between 10,000 and 20,000 e-mail messages per day. Monday (8/18/2003), we processed 15,577 messages, 58 of which were viruses that were blocked.

Tuesday, Sobig.F was released and we saw a significant increase in e-mail and virus activity. We processed 22,015 messages on Tuesday. 3,725 of these messages were blocked viruses, of which the vast majority were the Sobig.F worm (3,682).

On Wednesday, the worm activity intensified. We processed 32,030 total messages. More than a third of these messages (12,005) were viruses; 11,886 of them were Sobig.F. This made Wednesday, August 20, 2003, the fourth busiest day ever in the history of Earlham e-mail.

Thursday kept up the activity, with 28,800 total messages, 11,118 of which were Sobig.F. During Wednesday and Thursday, we were receiving Sobig.F messages at the rate of approximately one every seven seconds. As of mid-morning on Friday, the rate seems to be remaining at the same level as the previous days.

In addition to the statistics kept by the mail server itself, the worm's impact can be seen by the PacketShaper on our Internet connection. The following graph shows the inbound e-mail traffic (including POP and IMAP retrievals) on our Internet connection for the period of the two weeks prior to Friday, August 22, 2003. It shows a noticeable increase in traffic starting on August 19.

inbound-email-sobig.f.gif

Update (Sep 11, 2003):

We started keeping detailed records of the number and kinds of viruses dropped at the mail server in February of this year. This graph shows both the total number of messages processed each day and the number of viruses dropped. The number of messages shows a strong weekly cycle, while viruses have only made up a small portion of the traffic until recently. This week we have dropped more viruses than the peak number of messages processed in some previous weeks.

md-viruses-20030911.png

Posted by Rowan Littell at August 22, 2003 10:05 AM, updated 10:14 AM September 11, 2003