News Stay informed about the latest enterprise technology news and product updates.

Sobig-F Trojan fails to make an impact

A predicted massive Internet attack by Trojan code in Sobig-F failed to materialize Friday, and antivirus experts are now saying the virus' activity should begin tapering off

A predicted massive Internet attack by Trojan code in Sobig-F failed to materialize Friday, and antivirus experts...

are now saying the virus' activity should begin tapering off.

Sobig-F was scheduled to download an unknown application every Friday and Sunday from Aug. 22 through Sept. 10, between 3 p.m. and 6 p.m. EDT. Virus-infected machines attempted to contact one of 20 remote servers, authenticate and then receive a URL to download and run an application. Santa Clara, Calif.-based Network Associates, Inc. says that those servers didn't respond.

NAI says 15 of the remote servers were disabled by their ISPs; five are unavailable for unknown reasons. "This prevented Sobig-F from spreading as anticipated," says Craig Schmugar, a virus research engineer at NAI. "We expect the same results going forward."

Symantec believes the virus has the ability to update the master list of servers during the payload launch time.

Infected machines are programmed to check for a new list of servers to contact, but Kevin Haley, group product manager at Symantec Security Response says, "If the servers aren't up, it can't happen. I would expect none of the servers will be available Sunday -- we expect that the threat has really passed."

Sobig-F is programmed to stop spreading Sept. 10; the next variant is expected on or near Sept. 11. "Sobig's creator has developed a predictable pattern of releasing new variants soon after the current version deactivates itself," says Steven Sundermeier, vice president of products and services at Central Command, based in Medina, Ohio. "If the past repeats itself, we could be looking at a newly constructed creation shortly after Sept. 10."

Some antivirus experts were speculating that the Sobig-F writer would use infected machines -- also known as zombies -- to launch a distributed denial-of-service attack.

"The code downloaded by Sobig-F could do anything that is possible through a program," says Graham Cluley, senior antivirus technologist at Sophos. "So, it could range from wiping out files, to stealing information or displaying a jpeg of Bill Gates without any trousers on."

FOR MORE INFORMATION: news exclusive: "Sobig-F ready to download mystery program

Virus Alert: Sobig-F and Nachi news exclusive: "Sobig-F reaching epidemic proportions

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.