Factbites
 Where results make sense

Topic: Sobig worm


In the News (Mon 7 Dec 09)

  
  Sobig worm -- Facts, Info, and Encyclopedia article   (Site not responding. Last check: 2007-09-19)
The Sobig worm will appear as an electronic mail with one of the following subjects:
The Sobig worm was written using the Microsoft Visual C++ compiler, and subsequently compressed using a data compression program called tElock.
The Sobig.F worm deactivated itself on September 10, 2003.
www.absoluteastronomy.com /encyclopedia/s/so/sobig_worm.htm   (384 words)

  
 PCWorld.com - Sobig Worm Getting Even Bigger
Sobig is a worm that uses e-mail and shared network folders to infect machines running Microsoft's Windows operating system, according to information posted on the Web site of Helsinki antivirus company F-Secure.
As of Tuesday, F-Secure gave the worm a Level 2 ranking, indicating that it is "causing large infections" and putting it in a category with well-known predecessors such as the Klez worm.
For example, Sobig always arrives in e-mail messages from the same sender, big@boss.com, unlike recent successful worms such as Bugbear or Lirva, which generated their own sender addresses, swapped in trusted sender addresses from sources such as antivirus vendors, or selected them at random from a long list.
www.pcworld.com /news/article/0,aid,108793,00.asp   (777 words)

  
 Sobig.e - Evolution of the Worm - LURHQ
The Palyh worm was soon renamed to Sobig.b after it was realized from analyzing the code that Sobig was back for another round.
This time the worm had a shelf-life; a built-in timer to stop it from spreading after a certain date, unlike the first Sobig, which is still circulating in the wild today even though it is unable to deliver its secondary payload.
The Sobig.e initial infection is removed by the second-stage trojan.
www.lurhq.com /sobig-e.html   (1814 words)

  
 Sobig.f Examined - LURHQ
Unfortunately, since the worm author's specific distribution method was revealed to the press, it is likely that the next worm will not use the same distribution method, losing AV companies valuable time in the race to inoculate users.
This is an integral part of what makes Sobig; the worm itself is only one part of a larger picture.
Not only does a worm's release sometimes trigger a change in the Wingate proxy ports, but the ports will be updated on proxy hosts that were infected with previous variants.
www.lurhq.com /sobig-f.html   (750 words)

  
 SoBig worm not yet slowing down - Aug. 21, 2003
MessageLabs' Sunner said most of the problems from SoBig involve the time and cost of cleaning the worm from computer systems, rather than lost files or the opening of files to outsiders on the Internet, which can be problems with many viruses.
The SoBig worm is the latest in an outbreak that began 10 days ago with the so-called "Blaster" or "LovSan" worm which, by some estimates, infected more than half a million machines running the latest version of Microsoft Windows, the world's dominant operating system.
Worms may be less destructive to the infected computer, because they need the infected computer itself to replicate.
money.cnn.com /2003/08/21/technology/sobig/index.htm?cnn%3Dyes   (863 words)

  
 Sobig-F worm has twist in tail - Sophos warns of possible "Trojan horse" download
Sophos has today warned that the mass-mailing W32/Sobig-F worm, which has flooded computer users this week, could attempt to download a Trojan horse between 8pm and 11pm BST today.
At 19:00-22:00 GMT (which is 8-11pm in the UK) on Fridays and Sundays, the worm has been programmed to automatically direct infected PCs to a server controlled by the virus writer from which a malicious program could be downloaded.
If the writer of Sobig succeeds in installing a Trojan on infected PCs, users could be in for a nasty shock when they return to work next week.
www.sophos.com /virusinfo/articles/sobigextra.html   (414 words)

  
 PCWorld.com - Sobig Worm Crawls Again in New Version   (Site not responding. Last check: 2007-09-19)
The latest version of the Sobig worm is making its way through computer networks around the world, apparently causing no direct damage but hogging bandwidth and IT resources in its path.
This is the latest in a series of Sobig worms in recent months, Cluley says.
He notes that a future version of the worm could work to set up infected machines for relaying spoofed messages that could be used for destructive purposes.
www.pcworld.com /news/article/0,aid,111343,00.asp   (567 words)

  
 Panda Software - Virus information
Sobig.F is a worm that spreads via e-mail and across shared network drives.
Sobig.F sends UDP packets to the port 8998 of certain IP addresses, which answer with a web page address that the worm will access to download a file.
It then opens ports 995 through 999 on the affected computer, and waits for control commands to be received.
www.pandasoftware.com /virus_info/encyclopedia/overview.aspx?idvirus=40408   (139 words)

  
 Sobig-F is fastest growing virus ever – official | The Register
Sobig-F, first detected on 18 August, is the sixth variant issued in the Sobig series and appears to be the most sophisticated to date, according to MessageLabs.
The current Sobig virus to email ratio is approximately 1 in 17 and the virus is spreading at such a rate it is expected to continue to stay at high-level status for the next few weeks.
Sobig is a mass-emailing virus that can spoof the sender's address, fooling the user into believing the email is from a legitimate source and then opening the email.
www.theregister.co.uk /content/56/32443.html   (440 words)

  
 Latest computer worm wreaks havoc worldwide
The computer worm known as SoBig.F, feared to be the most potent ever, expanded its reach around the globe Thursday, sending e-mail networks crashing and frazzling technicians already overstretched by a plague of computer bugs.
The worm was bogging down e-mail systems, bouncing automatic replies back to people listed as the sender but who likely were not.
A so-called worm is a type of computer virus that can send itself over a network without being attached to another, "host," program.
www.freep.com /money/tech/worm22_20030822.htm   (493 words)

  
 CERT Incident Note IN-2003-03: W32/Sobig.F Worm
New information indicates that this worm has additional capabilities that were not realized at the time it first began propagating.
The worm also includes code that attempts to contact a list of 20 predefined IP addresses on port 8998/UDP on Fridays and Sundays between 1900 and 2200 UTC (starting at 1900 UTC on August 22, 2003).
The worm is believed to have a programmed "shut down" date of September 10, 2003, at which time it is expected to stop propagating.
www.cert.org /incident_notes/IN-2003-03.html   (801 words)

  
 F-Secure Computer Virus Information Pages: Sobig.E
A new variant of Sobig, known as Sobig.E was first found on June 25th, 2003 and it is spreading in the wild.
The worm's file is a PE executable 86528 bytes long compressed with Aspack and TELock file compressors.
The fact that the worm uses only 2 subjects and 1 attachment name indicates that the randomizing routine of the worm has a bug.
www.f-secure.com /v-descs/sobig_e.shtml   (678 words)

  
 McAfee Inc.
The worm obtains the UTC time from one of these servers which is used by the worm to determine when to attempt to download remote file(s).
The worm is capable of retrieving file(s) from a remote server - the specific URL of which is controlled by the author, and is issued in response to data sent from infected machines.
To prevent the downloading of updates by the worm, it is recommended that UDP ports 995-999 and 8998 are blocked.
vil.nai.com /vil/content/v_100561.htm   (796 words)

  
 F-Secure Computer Virus Information Pages: Sobig.F
Sobig.F is a mass-mailer worm which was found in the wild on 19th of August, 2003.
The worm will also attempt to fetch a URL from where to download components when certain conditions are met.
The following table shows all the Sobig variants, with their expiration dates and when they were first found in the wild.
www.f-secure.com /v-descs/sobig_f.shtml   (918 words)

  
 Symantec Security Response - W32.Sobig.F@mm   (Site not responding. Last check: 2007-09-19)
Also, the worm may use the infected computer's settings to check for an SMTP server to contact.
Outbound UDP traffic was observed on August 22nd, coming from systems infected with both Sobig.E and Sobig.F. However, the target IP addresses were either not responding, taken offline, or contained non-executable content; that is, a link to an adult site.
Then, the worm retrieves a URL that it uses to determine where to get the Trojan file, downloads the Trojan file to the local computer, and then executes it.
securityresponse.symantec.com /avcenter/venc/data/w32.sobig.f@mm.html   (2090 words)

  
 Campus Bulletins [UCLA Gateway]
UCLA is experiencing an email worm called Sobig.F in addition to the MS Blaster worm we have been experiencing the last several days.
Additionally, during the last few days, a new worm called Welchia or Nachi is intensifying the effect of the MS Blaster worm.
The best way to avoid the spread of these worms is for each computer user to make sure their computer has the MSblaster security patch applied and continue to be up-to-date with current patches from Microsoft.
www.ucla.edu /bulletin/bulletin_story_27.html   (461 words)

  
 How the SoBig.F virus works
The most frustrating aspect of the SoBig worm to system administrators is the fact that the worm won't infect a system without the cooperation of a mail user.
SoBig will use email addresses from its target list as a spoofed "From" address in the mail envelope in order to make these messages appear to be more legitimate.
Shortly after the worm was first seen in the wild and analyzed, most anti-virus vendors sent out immediate updates to their virus definitions to find and block SoBig.F. While some systems were already infected and infecting others, many other users were being protected by gateway and mail server anti-virus scanning products.
www.outlookpower.com /issues/issue200308/00001085001.html   (463 words)

  
 Sobig virus may be the tip of the iceberg - Security Strategy - Breaking Business and Technology News at silicon.com   (Site not responding. Last check: 2007-09-19)
A variant of the Sobig worm appeared over the weekend and is now spreading rapidly.
This is the third Sobig variant to hit the internet this year, and security experts believe more variants may already be in the pipeline.
The worm's main impact is to mass-mail itself to email addresses found in address books on the system, but such worms, when successful, can use large amounts of bandwidth.
www.silicon.com /news/500013-500001/1/4461.html   (650 words)

  
 virus rankings > Sobig Bumped From Top Spot In Virus Ranking > October 31, 2003   (Site not responding. Last check: 2007-09-19)
The Sobig.F worm was bumped from the top spot in a monthly virus ranking, replaced by a virus that tricks computer users into opening its malevolent payload by disguising itself as a patch sent from Microsoft Corp.
Central Command said the Gibe.C worm was No. 1 in October, accounting for 54.7 percent of the number of virus occurrences confirmed by the anti-virus company.
Sobig.F last struck in August, arriving in E-mail under a subject line that typically said "re:details," "details," "your details," "thank you," or "resume." The sender was disguised as someone familiar to the recipient, such as the name of a company or person.
www.techweb.com /wire/story/TWB20031031S0012   (434 words)

  
 CNN.com - SoBig.F breaks virus speed records - Aug. 22, 2003
The SoBig virus is the latest in a series of attacks on computers that are costing increasingly more time and money.
Fooled that the e-mail is legitimate, the user opens the e-mail and triggers the worm, which then goes hunting for addresses.
However, the worm is set to deactivate September 10 and halt further propagation.
www.cnn.com /2003/TECH/internet/08/21/sobig.virus/index.html   (668 words)

  
 CBS News | SoBig Virus May Be Spam Scam | August 26, 2003 14:09:43
SoBig was just the latest, and might not be the last: Experts believe a new virus might appear once SoBig expires on Sept. 10.
SoBig did not physically damage computers, files or critical data, but it tied up computer and networking resources.
The SoBig outbreak came just one week after a virus known as "LovSan" and "Blaster" took advantage of a flaw in the Windows operating system to clog computer networks.
www.cbsnews.com /stories/2003/08/19/tech/main569191.shtml   (782 words)

  
 Symantec Security Response - W32.Sobig.A@mm   (Site not responding. Last check: 2007-09-19)
The worm locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location.
The worm stores the addresses to which it sends the email messages in the file %Windir%\Sntmls.dat.
Reverse the changes that the Worm made to the registry.
securityresponse.symantec.com /avcenter/venc/data/w32.sobig.a@mm.html   (1205 words)

  
 Sobig Slows, But Experts Warn Of Next Attack > Sobig Slows, But Experts Warn Of Next Attack > August 21, 2003
Sobig, which has spread at a record rate across the Internet, slowed Wednesday, but virus experts warned computer users to prepare for the next variant that could come as early as mid-September.
Experts speculate that Sobig, which only affects Windows-based PCs, could be the work of a virus writer employed by a spammer.
Sobig, which struck a week after a separate virus, dubbed Blaster, wreaked havoc among computer users globally, clogged corporate networks and flooded computer users' email boxes with messages.
www.techweb.com /wire/story/TWB20030821S0016   (755 words)

  
 I-Worm.Sobig.f   (Site not responding. Last check: 2007-09-19)
The worm itself is a Windows PE EXE file that is written in Microsoft Visual C++ and is compressed by the TeLock utility.
The worm also creates the file winstt32.dat in the Windows directory and writes the email addresses that were found on the infected machine to this file.
The worm scans all accessible network resources (other computers in a network) and copies itself to the auto-start directories (if there are such subdirectories) of each resource (computer) found.
www.avp.ch /avpve/worms/email/sobigf.stm   (408 words)

  
 O'Reilly Network: Russian Denies Authoring "SoBig" Worm
The report, "Who Wrote SoBig?" (a copy of which is available here) includes a 48-page technical analysis of both SoBig and the Send-Safe bulk email program.
Since SoBig was first identified in January 2003, experts have suspected that the worm was created in order to turn infected PCs into "Trojan" proxies that could be used to send spam anonymously.
Ibragimov also said that the roughly similar release dates of new Send-Safe versions and updates of SoBig were purely a coincidence and not an indication that the programs were both written by the same person.
www.oreillynet.com /pub/a/network/2004/11/02/sobig.html   (1030 words)

  
 Worm and virus overload networks - ZDNet UK News   (Site not responding. Last check: 2007-09-19)
A "good" Internet worm and a new malicious mass-mailing computer virus are creating an enormous amount of network traffic, slowing some corporate systems, security experts said on Tuesday.
Although the worm infected less than one percent of the company's 110,000 desktops, Lockheed Martin had some disruptions, said Elaine Hinsdale, director of communications for the company.
The Sobig variant isn't all that different from previous versions of the worm.
news.zdnet.co.uk /communications/networks/0,39020345,39115816,00.htm   (977 words)

  
 Sobig virus devastation continues - Security Strategy - Breaking Business and Technology News at silicon.com   (Site not responding. Last check: 2007-09-19)
The worm aimed to patch vulnerable computers before the original MSBlast infected them, but its aggressive scanning for systems disrupted corporate networks.
Internet service provider VeriSign said it was able to measure the effects of the Sobig virus and estimated that at least 100,000 computers on the internet have been infected by it.
Sobig virus may be the tip of the iceberg
www.silicon.com /news/500013/1/5706.html   (1093 words)

  
 McAfee Inc.
This worm is written in MSVC and attempts to spread via network shares and email.
This package dropped two files - a pornographic image (which is displayed) and the worm.
The worm retrieves a text file from a Geocities user page (http://www.geocities.com/reteras).
vil.nai.com /vil/content/v_99950.htm   (350 words)

  
 Update: Swen worm purports to be Microsoft alert, hits Europe hard
The worm is more of a threat to home users and small offices because it travels as an executable file.
If the worm is installed, a window pops up that reads "This will install Microsoft Security Update" and asks the user to click "yes" or "no." If "yes" is clicked, then a bogus installation dialog comes up.
The worm tries to send a copy of itself as "WinZip installer.zip" to every user joining a channel where an infected user is present.
searchsecurity.techtarget.com /originalContent/0,289142,sid14_gci928518,00.html   (658 words)

Copyright © 2005-2007 www.factbites.com Usage implies agreement with terms.