Computer Security Wiki
  • I-Worm.Sobig.a (Kaspersky Lab)
  • W32/Sobig.a@MM (McAfee)
  • W32.Sobig.A@mm (Symantec)
  • Win32.HLLM.Reteras (Doctor Web)
  • W32/Sobig-A (Sophos)
  • Win32/Sobig.A@mm (RAV)
  • WORM_SOBIG.A (Trend Micro)
  • Worm/Sobig.A (Avira)
  • W32/Sobig.A@mm (FRISK)
  • Win32:Sobig (ALWIL)
  • I-Worm/Sobig.A (AVG)
  • Win32.Sobig.A@mm (SOFTWIN)
  • Worm.Sobig.A (ClamAV)
  • W32/Sobig (Panda)
  • Win32/Sobig.A (Eset)
Type: Worm
Affected platform/s: Microsoft Windows
Most of this page uses content from Wikipedia. The original article was at Sobig (computer worm).
The list of authors can be seen in the page history. As with Computer Security Wiki, the text of Wikipedia is available under the GNU Free Documentation License.

The Sobig worm is a computer worm that infected millions of Internet-connected Microsoft Windows computers in August 2003. It spread via the Internet as an attachment to infected emails. It also downloaded and set up a backdoor program.

The worm itself is a Windows PE EXE file about 64 KB in length (when compressed by TeLock) and is written in Microsoft Visual C++.

Although there were indications that tests of the worm were carried out as early as August 2002, Sobig.A was first found in the wild in January 2003. Sobig.B was released in May 2003. It was first called Palyh, but was later renamed Sobig.B after anti-virus experts discovered it was a new generation of Sobig. Sobig.C was released on May 31 and fixed the timing bug in Sobig.B. Sobig.D came a couple of weeks later, followed by Sobig.E on June 25. On August 19, Sobig.F became known and set a record in sheer volume of e-mails.

