2003 - Sobig and the Botnet

Bogdan BOTEZATU

December 04, 2008

Win32.Sobig was allegedly written to build a huge network of zombified computers that could be used to conduct DDoS attacks on corporate servers.

Win32.Sobig caused a huge epidemic: one in 20 e-mail messages was infected with the worm. Win32.Sobig is alleged to be the mail worm that holds the record for the most infected machines worldwide.

Another e-mail worm attacked right after Win32.Sobig. Tantalos.b was the first of its family to exploit the Iframe vulnerability in MS Outlook in order to execute itself automatically. Although it could not match the damage caused by Win32.Sobig, Tantalos ranked second among the most aggressive e-mail worms of 2003.

The Sobig incident prepared the ground for another Trojan. Sober built on the panic created by its predecessor in order to spread and multiply at will. Although it is just a Sobig clone, Sober came with some innovative features: the accompanying e-mail message was written in a plethora of languages, and the Trojan would detect the user's language by looking up the destination IP address. To convince the user to execute the attachment, it posed as a removal tool for Sobig.

Author


Bogdan BOTEZATU

Bogdan is living his second childhood at Bitdefender as director of threat research.
