Sobig-F Trojan fails to make an impact

By Shawna McAlearney, Online Editor, Information Security magazine
22 Aug 2003 | Information Security magazine

A predicted massive Internet attack by Trojan code in Sobig-F failed to materialize Friday, and antivirus experts are now saying the virus' activity should begin tapering off.

Sobig-F was scheduled to download an unknown application every Friday and Sunday from Aug. 22 through Sept. 10, between 3 p.m. and 6 p.m. EDT. Virus-infected machines attempted to contact one of 20 remote servers, authenticate and then receive a URL to download and run an application. Santa Clara, Calif.-based Network Associates, Inc. says that those servers didn't respond.

NAI says 15 of the remote servers were disabled by their ISPs; five are unavailable for unknown reasons. "This prevented Sobig-F from spreading as anticipated," says Craig Schmugar, a virus research engineer at NAI. "We expect the same results going forward."

Symantec believes the virus has the ability to update the master list of servers during the payload launch time.

Infected machines are programmed to check for a new list of servers to contact, but Kevin Haley, group product manager at Symantec Security Response, says, "If the servers aren't up, it can't happen. I would expect none of the servers will be available Sunday -- we expect that the threat has really passed."

Sobig-F is programmed to stop spreading Sept. 10; the next variant is expected on or near Sept. 11. "Sobig's creator has developed a predictable pattern of releasing new variants soon after the current version deactivates itself," says Steven Sundermeier, vice president of products and services at Central Command, based in Medina, Ohio. "If the past repeats itself, we could be looking at a newly constructed creation shortly after Sept. 10."

Some antivirus experts were speculating that the Sobig-F writer would use infected machines -- also known as zombies -- to launch a distributed denial-of-service attack.

"The code downloaded by Sobig-F could do anything that is possible through a program," says Graham Cluley, senior antivirus technologist at Sophos. "So, it could range from wiping out files, to stealing information or displaying a jpeg of Bill Gates without any trousers on."

FOR MORE INFORMATION:

SearchSecurity.com news exclusive: "Sobig-F ready to download mystery program"

Virus Alert: Sobig-F and Nachi

SearchSecurity.com news exclusive: "Sobig-F reaching epidemic proportions"


