
As big as Sobig?


August 2003 is without doubt the month of the worm. It started with the MSBlaster worm, which has infected over 700,000 computers so far. The worm took advantage of the most widespread flaw of Windows: the Windows implementation of the RPC (Remote Procedure Call) protocol, which enables client and server applications to communicate across networks.

After MSBlaster came Welchia, which also exploits the same Windows flaw, but this time Welchia acts to remove MSBlaster from infected systems – an antivirus-virus!

And then came the biggest of all. After the rude shocks of Blaster and Welchia, Sobig.F marks the third major attack for Windows users.

Sobig.F is the sixth variant of the Sobig virus. It is also the most sophisticated to date. Since the first Sobig virus was issued on January 9th 2003, the security outfit MessageLabs has intercepted almost three million copies of Sobig variants. The Sobig virus has been described as “the worst ever computer virus” and “the largest epidemic of a mass-mailing worm to date”.

How does Sobig spread?

The Sobig.F virus spreads through Windows-based PCs via email and networked systems. It uses a technique known as "email spoofing," by which it randomly selects addresses it finds on an infected computer - from web pages and from the address book. It arrives as an email attachment with a .pif or .scr extension. When run, it sends a copy of itself to the addresses in an email message with subject lines such as "Your Details," "Re: Wicked screensaver," "Re: Approved," and "Thank you!"

Sobig.F, like previous versions of the virus, forges e-mail addresses by using an email address other than the victim's as the apparent source of email messages that it sends to spread itself.
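The indicators described above (a .pif or .scr attachment and the listed subject lines) are the kind of thing a mail gateway rule can check. The following Python sketch is an added example, not code from the original article; the sample messages, addresses and attachment file names are constructed for illustration. Because the worm forges the sender, the check deliberately ignores the From header.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the article: attachment extensions and subject lines.
BLOCKED_EXTENSIONS = (".pif", ".scr")
KNOWN_SUBJECTS = {"your details", "re: wicked screensaver",
                  "re: approved", "thank you!"}


def inspect_message(raw_bytes):
    """Return a list of reasons to quarantine the message (empty = deliver)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    for part in msg.walk():
        filename = part.get_filename()
        # Case-insensitive match so "PHOTOS.SCR" is caught as well.
        if filename and filename.strip().lower().endswith(BLOCKED_EXTENSIONS):
            reasons.append(f"attachment:{filename}")
    subject = (msg["Subject"] or "").strip().lower()
    # A subject alone is weak evidence; report it only with an attachment hit.
    if reasons and subject in KNOWN_SUBJECTS:
        reasons.append(f"subject:{msg['Subject']}")
    return reasons


def build_sample(subject, sender, attachment_name=None):
    """Construct a sample message for the demonstration (not real traffic)."""
    m = EmailMessage()
    m["From"] = sender  # spoofable, so inspect_message never trusts it
    m["To"] = "user@example.org"
    m["Subject"] = subject
    m.set_content("See the attached file for details.")
    if attachment_name:
        m.add_attachment(b"constructed placeholder bytes",
                         maintype="application", subtype="octet-stream",
                         filename=attachment_name)
    return m.as_bytes()


if __name__ == "__main__":
    samples = [
        build_sample("Your Details", "colleague@example.com", "details.pif"),
        build_sample("Thank you!", "friend@example.net"),
        build_sample("Quarterly report", "boss@example.com", "report.pdf"),
        build_sample("Holiday photos", "family@example.net", "PHOTOS.SCR"),
    ]
    for raw in samples:
        verdict = inspect_message(raw)
        print("QUARANTINE" if verdict else "deliver", verdict)
```

Blocking on the attachment extension is the stronger signal here; a subject line such as "Thank you!" is common in legitimate mail and is only reported when an executable attachment is also present.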

In addition to its initial function of email congestion, it also deposits a Trojan horse, or back door, that can be used to turn victims' PCs into transmitters of spam email.


Sobig originated in the US and the virus is currently most prevalent there. According to security experts, one in every 17 messages contains the Sobig virus. This is far more than the normal 1-in-275 ratio. It also far exceeds the performance of Klez, previously the most dangerous virus, which had a 1-in-125 ratio.

AOL said it scanned 40 million email attachments in one day - about four times the average daily volume - and found more than 23 million copies of the Sobig.F virus.

Because it sends so many emails, a worm like Sobig also saps bandwidth and slows network performance, congesting email servers and leading to the shutting down of many networks. These viruses have disrupted several companies, including those responsible for critical parts of US infrastructure.

Windows systems (Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP) are affected; Linux, Macintosh, OS/2, UNIX and Windows 3.x are not affected.

Expiration Date

The Sobig.F virus, like the previous versions of Sobig, has an inbuilt expiration date. If the date is September 10th 2003 or later, the worm will stop spreading. But to many security experts, this does not mean the end of Sobig; it might even be a pointer that something bigger may be in the offing after September 10.

What can you do?

So what can you do about Sobig and the growing family of worms? According to security experts, the worst of Sobig.F may not be over yet. The real threat is not the size of the Sobig infection, but that for the first time this appears to be organized criminal activity online. For a virus to have a sixth version, with each version growing in sophistication and impact, one may not be dealing with pranksters or “ego-trippers” but with something more organized and focused – particularly because of the linkage with spam mail.

Already, the FBI in the US has launched an investigation into Sobig.F and is trying to determine who released the code into the wild.

Sobig and the other threats are security issues that must be addressed by all – software manufacturers, users, corporate networks, anti-virus companies and law enforcement.

The Blaster attack is a big dent for the software giant, Microsoft. Since mid-July, when Microsoft announced the RPC vulnerability and provided a patch for it, security experts knew an attacker would take advantage of it. The focus should be less on sales. In their own interest, Microsoft and other manufacturers should start giving security the priority it deserves.

A reliable source for security support is the anti-virus and security community. Most anti-virus software vendors release frequently updated information, tools, or virus databases to help detect and recover from malicious code. However, it would still be simplistic to hand over completely to anti-virus or security vendors.

Although anti-virus protection can be a great support, it is not perfect. Normal anti-virus protection is still reactive in nature – giving new worms and viruses an initial upper hand. Often it is you, the user, who first informs the anti-virus vendors about a new virus.

As this month is showing, just like Wireless, Security is an issue that we all need to take seriously – now and in future. Anything else is gambling. You can’t afford to rely solely on Microsoft or the other manufacturers. The intensity of these attacks has made it more critical that users and organizations have working and effective security policies.

The extent to which Sobig spread so fast is evidence that many are still without proper Security Policies. With simple policies and awareness, these security threats can easily be contained. Microsoft had warned about the Blaster worm and issued a patch in July, yet many were still affected.

A security policy should include: an anti-virus policy (running and maintaining an up-to-date anti-virus product); user policies with regard to Internet, e-mail, attachments, running of programs on Internet Relay Chat (IRC), Instant Messaging (IM), and file-sharing services; firewall configuration and filtering of network traffic; application of software patches; an effective data backup policy; contingency planning; and security education of users on IT security topics such as e-mail and others.

To survive this onslaught, users and organizations need to be proactive by keeping themselves abreast of security issues and developments. As I write this, who knows if there has been a new development? Attackers use the element of surprise. Acquire and use relevant knowledge. You have no excuse – so many reliable sources exist, especially on the net. Intelligence is not just the best way, it is the only way to fight cyberattacks.

All the best,

Jide Awe

Jide Awe is the Publisher of Contact him at


Original content provided by Copyright 1989-2010 Jidaw Systems Limited All rights reserved.