What’s changed in the three years since SoBig spread? | SC Media

September 9, 2006

This Sunday marks an ominous anniversary for network administrators: the third anniversary of the cut-off date for the SoBig virus.

SoBig is considered the first mass-mailing virus to cause widespread destruction to businesses on a global scale and was a trendsetter for viruses to come.

Despite it being programmed to stop disseminating 36 months ago, some firms are still picking up copies of the virus, according to email security firm MessageLabs.

Activity surrounding the virus spikes near the anniversaries of its mid-August birth and its Sept. 10 cut-off date, according to MessageLabs.

A representative from MessageLabs could not be immediately reached for comment on Friday.

One variant of the virus, SoBig.A, was found in the wild in January 2003, with other variants following in the months after. SoBig.F, released in August of that year, was the most widespread of all the variants.

Microsoft announced later that year that it would pay $250,000 for information leading to its creator's arrest.

The self-replicating worm spreads via email and uses social engineering to trick victims into downloading it. It then sends itself to email addresses gathered from infected PCs.

MessageLabs CTO Mark Sunner said that SoBig was much different than other viruses of its time in that it was spam oriented and created to make money.

"I think it also heralded the start of the problem we have today in that it was the first virus all about spam. People before that thought of viruses as one problem that's largely malicious and spam as another problem," he said. "SoBig was actually a complete convergence of the two of them."

In the past three years, many email-borne viruses have reached a greater number of victims than before, according to Scott Petry, CTO and executive vice president of product development for Postini.

"Sober was massive. Sober had a number of variants that were bouncing about. It was Thanksgiving of last year when we quarantined more than 1.2 billion examples of Sober," he said. "Every company in the world is running some type of anti-virus (AV), so they're obviously exploiting something in that AV technology or not keeping up to date to block these viruses."

Petry said his company still ranks SoBig in its top 30 viruses.
