SoBig.F Packs Few Design Surprises
Cybersecurity
SHARE
Facebook X Pinterest WhatsApp

SoBig.F Packs Few Design Surprises

Written By
Dennis Fisher
Dennis Fisher
Aug 26, 2003
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

It turns out that SoBig.F is even less original than previously thought.

The self-updating capability that had anti-virus experts, users and even the FBI scrambling this weekend was in fact present in some of the earlier versions of the virus, albeit in a somewhat less advanced form.

“That capability was in previous versions. I think what set off the red flag this time is the prevalence of this version and the potential for what could happen,” said Ian Hameroff, eTrust security strategist at Computer Associates International Inc., in Islandia, N.Y.

A couple of anti-virus vendors on Friday announced that they had discovered a new feature of SoBig.F that instructed infected machines to connect to one of 20 IP addresses that were hidden in the viruss code. The PCs were then supposed to download and execute an unknown file. Security experts feared that the file could be a Trojan or some tool for launching a broader attack.

However, authorities were able to locate and shut down the vast majority of the 20 machines, and the expected onslaught of activity never materialized. The self-updating capability was first seen in SoBig.C, but until this latest version, none of the viruses had the list of IP addresses for infected machines to contact.

Although they were able to deflect the mystery attack, anti-virus experts nonetheless are still worried about the long-term implications of SoBig.F. The virus spread more quickly than any other piece of malware in history and has infected countless machines. It is the sixth version of the SoBig virus to appear, and each iteration of the virus also contains an expiration date, after which the virus is programmed to stop trying to spread.

These facts have led some experts to speculate that the SoBig viruses are being written, released and subsequently improved upon by professionals who have some larger goal in mind than simply flooding inboxes with useless e-mail.

The fact that some portion of the self-updating feature was in previous versions of the virus would appear to bolster the argument for this trial-and-error scenario. But some in the anti-virus community dont buy it.

“We havent seen any evidence of this being used as a mechanism for sending commercial spam,” said Chris Wraight, technology consultant at Sophos Inc., an enterprise anti-virus company based in Lynnfield, Mass. “Its definitely weird that a new one is released so often. Its almost like beta testing.”

Discuss this in the eWeek forum.
Dennis Fisher
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information