Network News

X My Profile
View More Activity

SoBig.F's Second Anniversary

Two years ago today, Internet users felt the brunt of a leap forward in virus-spreading technology as e-mail inboxes around the world were flooded with copies of "Sobig.F."

At the time it was the single fastest-spreading virus ever -- Sobig.F infected more than a million PCs in the first days and accounted for one of every 17 e-mails sent at its peak. The virus was especially overwhelming for Web users still reeling from the Blaster worm, which had begun clobbering Microsoft Windows systems just one week earlier.

While Sobig.F was the sixth iteration of the virus, its author(s) had tweaked each successive variant, incorporating lessons learned from prior attacks. The "F" version proved itself far more efficient at scraping e-mail addresses from infected machines, and it fixed a bug that limited the spread of Sobig.D and Sobig.E by including a mechanism that allowed it to send seven e-mail copies of itself at once. Sobig also broke new ground in "spoofing" itself, or exploiting a victim's e-mail address so that virus-laden e-mails appeared to have come from someone the recipient knew.

Like previous versions, Sobig.F was a "multi-stage" virus that would later update infected computers with software that allowed attackers to use them to forward spam. Security experts worked around the clock to decrypt how Sobig.F told infected machines where to download virus updates, timed to take effect just three days after the variant emerged on the Internet. Investigators were able to unscramble the code and shut down all but one of the update servers before that time, with the final remaining server shuttered a short while later, all but killing further spread of the worm.

Still, estimates of the damage caused by Sobig.F quickly soared into the tens of millions of dollars, and Microsoft later would offer a $250,000 bounty for information leading to the arrest and conviction of those behind Sobig. An anonymous author took a stab at figuring who wrote Sobig, but the Russian spam artist fingered in the report vehemently denied responsibility, and no one has ever been formally charged.

Sobig.F laid the foundation for flurry of similar e-mail attacks that would borrow from its techniques, including the highly successful Mydoom, NetSky and Bagle e-mail worms. While security software's ability to filter out and detect such threats has improved somewhat, too many computer users neglect to keep their software updated with the latest virus and worm definitions.  Too many others unnecessarily fall prey to phishing scams and e-mail viruses.

The Sobigs of the Internet can only be defeated if everyone takes responsibility for computer security.

By Brian Krebs  |  August 18, 2005; 11:00 AM ET
Categories:  From the Bunker  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Latest Worms Duke It Out
Next: Workaround for Unpatched IE Flaw

No comments have been posted to this entry.

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company