SoBig.F Packs Few Design Surprises | eWeek

SoBig.F Packs Few Design Surprises

Verfasst von
Dennis Fisher
Dennis Fisher
Aug 26, 2003
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

It turns out that SoBig.F is even less original than previously thought.

The self-updating capability that had anti-virus experts, users and even the FBI scrambling this weekend was in fact present in some of the earlier versions of the virus, albeit in a somewhat less advanced form.

“That capability was in previous versions. I think what set off the red flag this time is the prevalence of this version and the potential for what could happen,” said Ian Hameroff, eTrust security strategist at Computer Associates International Inc., in Islandia, N.Y.

A couple of anti-virus vendors on Friday announced that they had discovered a new feature of SoBig.F that instructed infected machines to connect to one of 20 IP addresses that were hidden in the viruss code. The PCs were then supposed to download and execute an unknown file. Security experts feared that the file could be a Trojan or some tool for launching a broader attack.

However, authorities were able to locate and shut down the vast majority of the 20 machines, and the expected onslaught of activity never materialized. The self-updating capability was first seen in SoBig.C, but until this latest version, none of the viruses had the list of IP addresses for infected machines to contact.

Although they were able to deflect the mystery attack, anti-virus experts nonetheless are still worried about the long-term implications of SoBig.F. The virus spread more quickly than any other piece of malware in history and has infected countless machines. It is the sixth version of the SoBig virus to appear, and each iteration of the virus also contains an expiration date, after which the virus is programmed to stop trying to spread.

These facts have led some experts to speculate that the SoBig viruses are being written, released and subsequently improved upon by professionals who have some larger goal in mind than simply flooding inboxes with useless e-mail.

The fact that some portion of the self-updating feature was in previous versions of the virus would appear to bolster the argument for this trial-and-error scenario. But some in the anti-virus community dont buy it.

“We havent seen any evidence of this being used as a mechanism for sending commercial spam,” said Chris Wraight, technology consultant at Sophos Inc., an enterprise anti-virus company based in Lynnfield, Mass. “Its definitely weird that a new one is released so often. Its almost like beta testing.”

Discuss this in the eWeek forum.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.