/* Style Definitions */
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-fareast-font-family:”Times New Roman”;
mso-bidi-font-family:”Times New Roman”;
The main reason
for writing Win32.Sobig is alleged
to be an attempt to create a huge network of zombified computers in order to
conduct DDoS attacks on corporate servers.
Win32.Sobig caused a huge
epidemic: one in 20 e-mail messages was infected with the worm. It is alleged
that Win32.Sobig is the mail worm
that holds the record for the most infected machines worldwide.
worm attacked right after Win32.Sobig.
The Tantalos.b was the first of its
family to exploit the Iframe vulnerability in MS Outlook in order to
automatically execute itself. Although it could not match the damage caused by Win32.Sobig, Tantalos scored second in the top of the most aggressive e-mail
worms in 2003.
The Sobig incident prepared the ground for
another Trojan. Sober built on the
panic created by its predecessor in order to spread and multiply at will.
Although it is just a Sobig clone, Sober came with some innovative features:
the accompanying e-mail message was written in a plethora of languages. The
Trojan would detect the user’s language by looking up the destination IP
address. In order to convince the user to execute the attachment, it posed like
a removal tool for Sobig.