This week in security history - Sobig.F

  • 22 August 2014

I thought it might be fun to indulge in some computer security history and nostalgia, so I'm going to post a weekly look back at significant events from the past. We'll start off with one of the largest computer worms, Sobig.F.
 
Released on August 18, 2003, Sobig.F set a record for volume of spam emails sent. It appeared as an email with an innocuous headline of "Re: Approved" or something similar, and had a .pif attachment it encouraged you to open. Once opened, the file set up its own SMTP engine and started sending out infection emails to every email address it could find on your machine.
 
Sobig.F was programmed to phone home the next week for updates, and was designed to be used as a backdoor for spammers to send additional emails once it was inserted into your computer.  Last year, on March 10, 2013, it reactivated itself again.
 
The author of Sobig.F was never found, although an anonymous analysis here pointed the finger at Ruslan Ibragimov, creator of Send-Safe, a spam sending tool that used open proxies.  He denied those allegations and to date no arrests have been made, despite a reward of $250,000 from Microsoft for information leading to an arrest.
 
In the end, the worm ended up costing at least $50M in damages in the US, and China estimated that 30% of its email traffic during that period was due to the worm, equivalent to 20M infections.
 
Were any of you around for this event, and do you remember it? If so, share your recollections below.
