By Domesticus in Worms

Sobig is a notable worm that was responsible for millions of infections all around the world. In August of 2003, the Sobig worm infected millions of computers by spreading through the Internet. This dangerous computer worm targets computers with the Windows operating system and is routinely included in the list of notable malware infections throughout history.

PC security researchers had seen signs of attacks using the Sobig worm since the summer of 2002. These may have been tests of this malware threat in preparation for the widespread attacks that occurred in 2003. The first version of the Sobig worm, known as Sobig.A, was first detected in January of 2003. Malware researchers then identified a second version, Sobig.B, in May of 2003. This malware threat was originally known as Palyh, although PC security researchers then identified it as a new variant of the infamous Sobig worm. Attacks involving the Sobig worm quickly escalated from there, with Sobig.C being released at the end of that month (this version fixed a timing bug in the second version of the Sobig worm). A few weeks later, Sobig.D was released, quickly followed by Sobig.E in late June of 2003. The Sobig.F variant of the Sobig worm, released on August 19 of 2003, set records for the number of malicious emails sent, infecting millions of computers all over the world. It is this last variant that received the widest distribution and caused the most damage all around the world.

Although the Sobig worm has the capacity to spread on its own, this dangerous worm can also be classified as a Trojan due to the way criminals disguise Sobig in order to hide its true nature. The Sobig worm would be distributed in malicious email messages with one of the following generic subject lines:

Re: Approved
Re: Details
Re: Re: My details
Re: Thank you!
Re: That movie
Re: Wicked screensaver
Re: Your application
Thank you!
Your details

The text of these email messages will typically be sparse, with a simple instruction to look for details in the attached file. This malicious email attachment, typically using the PIF or SCR extension, will usually have an innocuous, generic name such as application.pif, thank_you.pif, or wicked_scr.scr. Although Microsoft has offered a reward of hundreds of thousands of dollars for data leading to the arrest of the creator of this dangerous computer worm, to date the creator of Sobig has not been identified.
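The subject lines and attachment extensions described above can be turned into a simple mail-filter check. The following is an added example, not code from the original page or from any security product; the function names, verdict labels and sample messages are assumptions constructed for illustration.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Indicators taken from the subject lines and extensions listed on this page.
SOBIG_SUBJECTS = {
    "re: approved", "re: details", "re: re: my details", "re: thank you!",
    "re: that movie", "re: wicked screensaver", "re: your application",
    "thank you!", "your details",
}
RISKY_EXTENSIONS = {".pif", ".scr"}

def inspect_message(raw: bytes) -> dict:
    """Report which of the page's indicators a raw e-mail message carries."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # Collapse folded whitespace so a wrapped header still compares equal.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    risky = []
    for part in msg.walk():  # walk() also reaches nested multipart parts
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots/spaces, and only the last extension
        # counts, so "details.txt.pif" is still treated as a PIF file.
        ext = os.path.splitext(name.strip().rstrip(". "))[1].lower()
        if ext in RISKY_EXTENSIONS:
            risky.append(name)
    subject_match = subject in SOBIG_SUBJECTS
    # The subjects are generic, so a subject match alone only warrants review.
    verdict = "block" if risky else "review" if subject_match else "pass"
    return {"verdict": verdict, "subject_match": subject_match,
            "risky_attachments": risky}

def build_sample(subject: str, filename: str = "") -> bytes:
    """Constructed test message with a placeholder payload, not a real sample."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m["Subject"] = subject
    m.set_content("Please see the attached file for details.")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fname in [("Re: Your application", "application.pif"),
                        ("Thank you!", ""), ("Minutes", "notes.txt")]:
        print(subj, "->", inspect_message(build_sample(subj, fname)))
```

Because the subject lines are so generic, the attachment extension is the stronger signal here; the subject list on its own will match plenty of legitimate mail.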

File System Details

Sobig may create the following file(s):
# File Name Detections
1. sobig.exe

