Sobig’s Birthday — Tracking Most Damaging Virus Ever

A year to the day after the virulent Sobig virus hit the wild, spawning a family of

malicious attacks that would span the next nine months, anti-virus experts are on daily

watch for the next vicious attack.

Sobig-A, the first in a run of six variants, hit the wild a year ago today, Jan. 9. The

malicious family would go on to be known as the fastest-spreading and the most financially

damaging virus in the history of computers. It also one of the earliest pieces of code to

mix a virus with spamming.

Sobig-F, which ran rampant across the Internet in August and early September, has gone down

in the history books as the most damaging virus to date. It reportedly caused $36.1 billion

in damages.

At this point, MessageLabs, an anti-virus company based in New York, has intercepted 737,125

copies of Sobig in 183 countries. At its peak, one in every 17 emails stopped by MessageLabs

contained a copy of Sobig-F, the most malicious of the variants. By Dec. 1, more than 32

million emails containing the virus had been stopped by the company, easily putting Sobig-F

at the head of various Top 10 Viruses list for 2003.

During Sobig-F’s rampage across the Internet, AOL saw email traffic nearly quardruple ,

according to an earlier interview with Nicholas Graham, an AOL spokesman. Graham says AOL

scans email attachments at the gateway, checking for viruses. On an average day, the ISP

scans approximately 11 million attachments. One day during the Sobig-F attack, the staff

scanned 40.5 million email attachments and found 23.7 million of those to be infected with

viruses. Of those, 23.2 million were infected with Sobig-F.

Sobig is a mass-mailing worm that can also spread via network shares. When it arrives via

email, the worm poses as a .pif or .scr file. The sender’s address is spoofed. The worm also

has updating capabilities and will attempt to download updated versions when certain

conditions are met.

The Sobig variants were hitting the wild in fairly fast succession. Each variant carried

code that would kill the virus off on a certain date, specifically limiting the variant’s

lifecycle. Soon after one variant died off, another one would emerge to take its place,

building on the impact of its predecessors.

Earlier variants of Sobig infected computers and then downloaded Trojans to set the machines

up to be hidden proxy servers. With each variant, the author had a bigger army of machines

set up for the next seeding.

After Sobig-F died out on Sept. 10, anti-virus and security experts were waiting with baited

breath for the next variant, or Sobig-G, to hit within a matter of days. It didn’t, and it

still has yet to hit the wild.

”I am fairly surprised about that,” says Chris Belthoff, a senior security analyst at

Sophos, Inc., an anti-virus company based in Lynnfield, Mass. ”It could be that the author

or authors of Sobig are running a little scared. It was such a widespread and damaging

virus, and now he has the Microsoft bounty on his head. This person or persons may be lying

low out of fear. He might have been too successful for his own good.”

Microsoft Corp. announced in November that it is putting a quarter-of-a-million-dollar

bounty on the heads of the virus writers behind the highly destructive Blaster and Sobig

worms. The rewards are part of a $5 million fund that Microsoft set aside to battle

malicious code and the hackers and spammers behind it.

But just because the author of Sobig may be laying low right now, it doesn’t mean that the

security industry isn’t waiting for the next destructive variant to hit.

”We’re always waiting,” says Belthoff. ”We’re always expecting that one day it will

appear in our lab. We’re always on guard.”

RELATED NEWS AND ANALYSIS

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2020

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020

• Anticipating The Coming Wave Of AI Enhanced PCs

  FEATURE |  By Rob Enderle,
  September 05, 2020

• The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  August 14, 2020