Network Computing is part of the Informa Tech Division of Informa PLC

Three Years After Sobig.f, Next Attack Cycle Starting

The upcoming third anniversary of the Sobig.f worm was marked Friday by a security researcher who said its role in creating today's flood of phishing attacks and spyware means the next attack cycle will be even more virulent.

Sobig.f, a worm that first appeared in August 2003 but which included a self-imposed cut-off date of Sept. 10, 2003, was the first significant malicious attack loaded into an e-mail attachment, said Mark Sunner, the chief technology officer of U.K.-based security vendor MessageLabs.

"Hindsight is fantastic, it makes things so clear when you look back and interpret events. That's the case with Sobig.f, which was particularly significant because it was the first virus that truly was all about spam.

"The whole Sobig family was incredibly significant because that was the point where spam and viruses converged." Before that, Sunner argued, the worst threats were self-replicating worms that attacked network vulnerabilities, such as 2003's MSBlast, or mass-mailed macro-based exploits like 1999's Melissa.

Hackers turned to spam in part, said Sunner, because by late 2002, the U.S. and the EU were ready to put anti-spam legislation into place. "That spam was now 'bad' didn't stop spammers, it just drove them further underground," said Sunner, and into the ranks of hackers, who quickly discovered that by mass-mailing malicious code as e-mail attachments, they could amplify the impact and reach of their work. In rapid succession, follow-on malware such as MyDoom and Bagle used the same tactics.
