Sobig Worm (Sobig worm) is a computer worm, calculated in August 2003 the number of infections to millions of Internet and Microsoft Windows computers. The main hazard is recklessly mail. Part of the data from the infected machine message content, and therefore it is possible to leak the user’s confidential documents, in particular on the use of LAN office enterprises, so the virus is likely to spread a large area.

Although there are signs that the worm was in August 2002 was implemented, but SoBig.A was first discovered in January 2003. SoBig.B but was released on May 18, 2003. It was originally known Palych, and later by anti-virus experts have discovered that it is a new generation of SoBig variant, rename SoBig.B. SoBig.C was released in the same year on May 31. SoBig.D also been issued several weeks later, followed by June 25 SoBig.E was also released. In the August 19, incoming SoBig.F became a well-known and hit send large amounts of e-mail a new record. SoBig.F variant propagation speed

SoBig is not only a computer worm can copy itself, it is also a kind of Trojan horse disguised as other things. Sobig F and other types of Sobig virus, is the virus did not prevent the use of computer facilities in the Windows system vulnerabilities, the “pathogenic” disguised as e-mail addresses, and constantly changing form and subject of the message, making it difficult to detect. SoBig.F worm virus messages might include the following topics:

Re: Approved

Re: Details

Re: Re: My details

Re: Thank you!

Re: That movie

Re: Wicked screensaver

Re: Your application

Thank you!

Your details

E-mail including “See the attached file for details” or “Please see the attached file for details”.

It also contains the following attachment name:










The virus has the following three characteristics:

“Mail is very strong ability to communicate

“LAN strong ability of the virus spread

“Virus has the ability to self-improvement

If you use a word to describe Sobig.F, we can say: Sobig.F is a real spam factory, its ultimate aim is to make the enterprise server paralyzed, hindering all activities of enterprises. Therefore, Sobig.F this amazing diffusion capacity than the virus itself damaging to a business larger. It will be used every 10 seconds to send a message to all contacts in the address book. If a PC has 100 e-mail addresses, once it has been infected with the virus every 10 seconds mail will be forwarded to all 100 contacts. Visible, the worm has the ability to spread exponentially. Therefore, it is important that it is not the number of computers infected, but there are many computers it is to spread the virus.

Sobig F has a built-in time means that it ceased operation in September 10, 2003. However, computer virus experts urged users to use antivirus software to protect your computer.


Write a comment