While it appears to have been thwarted, security experts on Friday warned of a possible attack or mass action by machines infected with the Sobig.F worm scheduled to begin at 7 p.m. GMT (or 3 p.m. EDT) on Friday.
Code buried deep in the Sobig.F worm was expected to cause afflicted Microsoft Corp. Windows machines worldwide to simultaneously connect to an as-yet unknown Web page and download a software program, according to security company F-Secure Corp. of Helsinki. The machines are using a number of atomic clocks worldwide to synchronize activities and coordinate the mass action, F-Secure said.
Researchers at F-Secure have analyzed the Sobig.F worm code and discovered the instructions, which are similar to those found in previous editions of the Sobig.F virus, said Mikko Hypp