The release of the MyDoom computer virus may be the harbinger of worse things to come, a security expert believes. The timing of the outbreak contributed greatly to the harm done. The Internet worm was unleashed around 4 p.m. eastern time on January 26. Within 24 hours, close to 1.2 million systems had been affected. "The staggering thing about that number is this is about 200,000 more than we saw with the SoBig virus outbreak from August of 2003, which to that point was the largest virus we had ever seen," Jack Sebbag, Canadian GM/VP of Network Associates Inc. tells Network Letter. "If the same holds true, we might be looking at what is one of the biggest virus outbreaks in quite some time." A day after the interview, Finnish security software firm F-Secure declared MyDoom the worst email worm in virus history. Part of the problem, Sebbag maintains, was the timing. By 4 p.m., many companies were winding down their activities for the day. People did not see the damage until the next morning and therefore took longer to react. Network Associates, the parent company of cybersecurity software firm McAfee, has seen many clients affected. "We’ve spoken to some Fortune 500 accounts who said they were receiving as many as 1,000 emails per minute going through their network, causing some major productivity issues," Sebbag reports. "I’ve spoken to a couple of customers who even had to shut down their networks to clean up the virus before putting it back into production." Another outfit that was hit was the CRTC. The commission put a notice on its web site saying all zip files sent after 2 p.m. on January 26 were blocked because of security concerns. The quarantine remained in place for three days. Since many interveners on commission matters send large files, the blockade was a significant inconvenience. One novel feature of MyDoom was that it changed subject headers as it worked its way through the system. Previous worms retained a single header throughout the infection. A key fact to notice, Sebbag points out, is that each file attachment is 22.5 kilobytes, no matter what the header says. The advent of yet another computer worm inspired the American government to act. On January 28, the Department of Homeland Security instituted a cyber security alert system. The system, designed for businesses and home users, features cyber security tips, security bulletins and security alerts. The security bulletins are targeted to technical users, while the tips are written for both audiences. The security alerts have a regular and an advanced form, depending on the sector. Sebbag worries that this could just be the start of a series of attacks on the Internet. This should be a concern to more than just IT departments, he adds. "I’d say this is a wakeup call in general that these malicious code writers, these virus code writers are not going to sleep," he warns. "We haven’t seen a high risk or high alert status virus since July or August of last year, since SoBig. These guys will not stop. And generally these things usually come in bunches, as these virus code writers want to outdo each other and they see a big one like this." Bell Canada spokesman Don Blair tells NL that Sympatico was not affected by the attack thanks to its "very robust hardware and software" for rooting out viruses.