Sobig was living large in Kansas on Tuesday.

The devious computer virus shut down a Franklin County computer system, hobbled a major state agency and bombarded Kansas University with thousands of infectious e-mails.

“It’s amazing how much we rely on computers these days,” said John Steelman, administrator for the Franklin County District Court after technicians turned off the court’s computer system. “There were a lot of clerks sitting around and twiddling their thumbs,” he said.

At the end of the business day, technicians were busy installing a patch to get the systems up and running again — as more than a dozen frustrated employees were left to answer telephones, conduct manual file searches and otherwise get organized for the mounting tasks that lay ahead.

Sobig — or more precisely W32.Sobig.F — has appeared in 60 countries but mainly the United States and usually spreads through e-mail, hiding its identity by using familiar e-mail addresses taken from other computers, and familiar subject lines such as Re: details, Re: approved, and Re: Thank You.

State agency hit hard

The Kansas Department of Health and Environment had to shut down the external e-mail systems to all its 1,600 computers in Topeka and across the state, officials said.

Sharon Watson, a spokeswoman for KDHE, said when she arrived at work Tuesday morning, she had about 100 e-mails infected with the Sobig virus.

Many of them had familiar addresses. “Something that says ‘Thank You’ and it’s from an address that you know is tempting to open,” Watson said.

KDHE systems for sending and receiving e-mails from outside the agency were shut down for several hours and technicians continued working past office hours to disinfect about a dozen computers, she said.

“It certainly disrupted e-mail operations and there were some computers that had to be checked and cleared of viruses,” she said.

KU slowed

At KU, the virus slowed some e-mail servers after swamping school computers with countless e-mails.

The university’s network deflected the virus, but that slowed servers that filter messages sent from outside the university, according Jerree Catlin, associate director of academic computing.

Catlin said it might take an e-mail sent off campus two hours to reach an on-campus account. Normally, that process would take seconds or minutes.

“Like everybody else, we’ve been flooded with e-mail,” she said.

Catlin’s office issued a warning about Sobig and set up a Web site dedicated to the virus at www.ku.edu/acs/virus/viruses/sobigF.shtml.

According to KU, if you receive the infected e-mail, the address on the “from” or “reply to” lines is probably not the one that sent it to you.

“When Sobig.F infects a computer, it gathers all the e-mail addresses it can find on that computer and secretly sends infected messages to all but one of those addresses,” the warning says.

“Sobig places that one, randomly chosen, address in the FROM line of all those outgoing messages so that it will be difficult to determine where the messages really are from, and some innocent person will be wrongly accused.”

Stopped dead

Meanwhile, Douglas County officials were stopping the virus in the nick of time.

“We’ve probably caught 40 or 50 of them before they got into our network,” said Jim Lawson, the county’s director of information technology. “We haven’t been infected by it. We have multiple layers of virus protection — if one layer of the virus protection doesn’t catch it, another one will.”

Even so, Lawson reminded county employees about the county’s policies for eluding problems caused by such viruses: Don’t open any attachments, and don’t open mail from anyone unknown to the employee.

And, in particular: “Don’t open any e-mails with attachments from people you don’t know,” Lawson said.

Such instructions, at times, do make conditions difficult to carry on the public’s business, he said, but it sure beats the alternative.

“It’s just more of a pain,” Lawson said.

People should be sure to keep their anti-virus programs up to date, particularly on their home computers, where such vigilance typically gets overlooked, Lawson said.

Officials with the city and Lawrence Memorial Hospital reported no computer disruptions.