The upcoming third anniversary of the Sobig.f worm was marked Friday by a security researcher who said its role in creating today's flood of phishing attacks and spyware means the next attack cycle will be even more virulent.
Sobig.f, a worm that first appeared in August 2003 but which included a self-imposed cut-off date of Sept. 10, 2003, was the first significant malicious attack loaded into an e-mail attachment, said Mark Sunner, the chief technology officer of U.K.-based security vendor MessageLabs.
"Hindsight is fantastic, it makes things so clear when you look back and interpret events. That's the case with Sobig.f, which was particularly significant because it was the first virus that truly was all about spam.
"The whole Sobig family was incredibly significant because that was the point where spam and viruses converged." Before that, Sunner argued, the worst threats were self-replicating worms that attacked network vulnerabilities, such as 2003's MSBlast, or mass-mailed macro-based exploits like 1999's Melissa.
Hackers turned to spam in part, said Sunner, because by late 2002, the U.S. and the EU were ready to put anti-spam legislation into place. "That spam was now 'bad' didn't stop spammers, it just drove them further underground," said Sunner, and into the ranks of hackers, who quickly discovered that by mass-mailing malicious code as e-mail attachments, they could amplify the impact and reach of their work. In rapid succession, follow-on malware such as MyDoom and Bagle used the same tactics.