Slashdot Mirror


The Origin Of Sobig (And Its Next Phase)

MrZeebo writes "According to this story at Canada.com, the FBI, along with other authorities, has traced the origin of the Sobig worm. The quick timeline: Apparently, an earlier version of the worm installed a backdoor on a home computer in British Columbia. The creator of the worm used this compromised computer to create a Usenet account with Easynews.com in Phoenix, using a stolen credit card. The worm spread from Usenet, and contained the IP addresses of 20 computers to contact on Friday, and to download an unknown program from those computers. Officials were able to take 19 of these computers offline before the mass-download. However, the 20th computer stayed online, and many copies of the worm were able to get the rogue program. Those that did were merely redirected to a porn site, no damage done. However, now infected computers will continue to try and connect to the other 19 every Friday and Sunday until the worm expires on Sept. 10th." Reader muldoonaz points out this brief Reuters story about the investigation, too.

32 of 500 comments

  1. Re: Wicked screensaver by JohnGrahamCumming · · Score: 4, Funny

    Please see the attached file for details.

  2. Re: Wicked screensaver by mjmalone · · Score: 4, Funny
    WARNING!!! (from zidane.cc.vt.edu)

    The following message attachments were flagged by the antivirus scanner:

    Attachment [2.2] application.pif, virus infected: W32/Sobig-F. Action taken: deleted
    PWN'D
  3. Re:Another day, another worm by Anonymous Coward · · Score: 1, Funny

    Ultimately, could Microsoft be blamed for these viruses?

    Of course not you tool. This worm spread VIA USENET AND E-MAIL. Christ, RTFA before spouting your anti-MS BS.

  4. Re:What a nice guy though by EpsCylonB · · Score: 5, Funny

    Anyone else think this sounds like a bad hollywood plot ?

    We only have 48 hours to shut down 20 random computers or the internet is brought to its knees.

  5. Already exists by Ciderx · · Score: 4, Funny

    It's called "W32/SitePostedOnSlashdot"

  6. Re:What a nice guy though by Anonymous Coward · · Score: 2, Funny

    Speed meets The Net. Three cheers for Sandra Bullock!

  7. No Problems Here by Anonymous Coward · · Score: 4, Funny

    I don't have any friends so I don't really get any e-mail.

  8. this is why by commodoresloat · · Score: 4, Funny

    This is why worms need to be open source. Proprietary worms do a disservice to the worm community!

  9. Re:Stupid, Offtopic, Newbie, Question by MyHair · · Score: 3, Funny

    What's the difference between a worm and a virus?

    You see, a virus is what we doctors call
    very very small. So small it could not possibly have made off with a
    whole leg.

  10. Who cares about the virus.... by Dark Lord Seth · · Score: 2, Funny

    Which porn site was affected? I need to find out for er... damage control, yeah!

  11. Re: What a nice guy though by Black Parrot · · Score: 2, Funny


    > Anyone else think this sounds like a bad hollywood plot? We only have 48 hours to shut down 20 random computers or the internet is brought to its knees.

    Worm author sells movie rights to pay legal fees...

    --
    Sheesh, evil *and* a jerk. -- Jade
  12. Re:Idiots. by MyHair · · Score: 3, Funny

    Edit that slightly and send it to Microsoft:
    -----
    Come on, if you're going to write an OS, do it right.

    Don't use 20 predetermined machines from which to fetch updates; generate an unstructured network while you're spreading (remember who sued you, and trade alliances randomly).

    Don't fetch and install any updates provided to you; use RSA signatures to verify that they are legitimate.

    Don't use canned, easy to filter, subject lines in your email messages; borrow subject lines from your host's mail spool (optionally, do so with only a small probability -- let evolution determine which subject lines are the most effective).

    In short: If you're going to release some software which you want to see on millions of machines around the world, try not to embarrass yourself.

  13. Re:Movie - dear god, it's the plot of Hackers! by Anonymous Coward · · Score: 1, Funny

    Next stage will be when the sobig virus targets the stability software on oil tankers... and Angelina Jolie will rescue us with her superfast laptop running a huge *28.8 modem*...

    Ahh... nostalgia for things that have only just happened - that's what I love about being a science fiction fan!

  14. Re:Sobig was created to defeat Bayesian Filters. by joepa · · Score: 3, Funny

    I am a small businessperson[...]

    I received an email a few days ago from someone who says that they can help you with this problem...

  15. Re:What a nice guy though by Anonymous Coward · · Score: 2, Funny

    You're being redundant. All you have to say is "sounds like a hollywood plot." "Bad" is inferred.

  16. You just like saying schadenfreude by simetra · · Score: 2, Funny

    Admit it.

    --

    "Would it kill you to put down the toilet seat?" -- Maya Angelou
  17. Re: Wicked screensaver by ChilyWily · · Score: 5, Funny

    hehe- Couldn't resist: Today's userfriendly strip is perfect :)

  18. Re:Question by Bin-tec · · Score: 4, Funny

    So, when are us Mac users going to get some excitement with some viruses? I'm kinda bored about clicking on those links that won't do anything.

  19. Re: y'know what I'm wondering... by Black Parrot · · Score: 3, Funny


    > Is why any virus writers ever get caught. [...] they simply have to go down to their local library and/or cyber cafe wearing a wig and makeup, stick the floppy in, click, then leave, what's the problem?

    I used to do that, but I got tired of having all the geeks try to pick me up while I was there.

    --
    Sheesh, evil *and* a jerk. -- Jade
  20. This is what the writer should have done. by codepunk · · Score: 3, Funny

    He should have had this virus download a copy of the Linux kernel from the SCO web site and save it to the system. SCO would have loved this as they could have then sold a UnixWare license to the entire world. Oh hell we could have even shown that SCO in fact distributed the Linux kernel to every PC in the world.

    --


    Got Code?
  21. No damage by Arandir · · Score: 4, Funny

    Those that did were merely redirected to a porn site, no damage done.

    No damage done! My dear poor mother got redirected to goatse.cx! The psychiatry bills alone will cost a quarter of a million dollars.

    --
    A Government Is a Body of People, Usually Notably Ungoverned
  22. Re:Nobody seems to care. by Safety Cap · · Score: 2, Funny
    Because we don't send people to life terms, or subject them to death/dismemberment, for stealing said cars some people feel that it's worth the risk to do so.
    If that were the case, then Texas would have zero homicides, since it is the hangingest state in the union.
    --
    Yeah, right.
  23. Re:Question by snake_dad · · Score: 2, Funny

    Don't give mom the root password...

    --
    karma capped .sig seeking available Slashdot poster for long-term relationship.
  24. Re: Wicked screensaver by eponymous flower · · Score: 3, Funny

    Wicked?? Is this virus writer from Boston or 1986?

    --
    You say self-important egomaniac like it's a bad thing. - Peter Dragon
  25. Re: Wicked screensaver by Anonymous Coward · · Score: 1, Funny

    There's really only one User Friendly comic

  26. Re:Quit using C/C++, lose the buffer overflows by makapuf · · Score: 2, Funny
    I was fortunately able to work entirely without C for the last 10 years or so


    Whoah ! Were people able to understand what you told them ? Like, " 'mon ! hek that web page and ut n' paste the ommon errors !" But that's nothing ! I gave up with all vowels ! (ppl tnd t thnk spk lk n nsct, thgh).
  27. Re:Another day, another worm by Anonymous Coward · · Score: 1, Funny
    Great points.

    The Microsoft "O/S" has certainly bloated over the years, and is probably the main problem. As with any code shop, the biggest goal is just to get it to work!! Millions of lines of code, thousands of programmers, just organizing it sounds scary. And we always hear about the dates slipping -- and that's just to get it working in a non buggish sorta way. I doubt this leaves much time to try and figure out ways it can be exploited!


    I could go on, but I really wanted to respond about your Palladium comment. Usually when I read stories about viruses, hacks, etc, I smile. Not maliciously, but just in the spirit of the hack. But lately, this kind of shit just makes me concerned that this will slide us into DRM. And that's bad.


    By the way, isn't this an Outlook Explorer problem, and not really an OS problem? I was just wondering because I run Win98 on two main machines, without a virus checker. And have never been hit with these bad viruses. But I also sit behind a Linksys firewall, Zonealarm, use web-based email only, and don't click on EXE & SCR's.

  28. Good point... by Anonymous Coward · · Score: 1, Funny

    Don't believe the parent.

  29. Re:Another day, another worm by magores · · Score: 3, Funny

    I blame the EU that clicks on the virus.

    (Go ahead and make fun of the following thought process...)

    ---Gunsmiths make Guns = MS makes OS
    ---Bulletsmiths make Bullets = Virus writers make viruses
    ---Dumb people look at the bullet through the barrel and pull the trigger = Dumb people click on *.pif, *.scr ...

  30. Re:Correction by MegaFur · · Score: 3, Funny

    Newsman: Next up on our program--when l33t sp33k meets Engrish

    Example: !4ANG3R! A d@n93r0u5 +0y. +h15 +0y 15 b31n9 m@d3 4 +h3 x+r3m3 pr10r1+y +h3 900d luk5. The l1++l3 p@rt wh1ch 5uph0c@+35 when the sharp p@r+ which 93+5 hurt 15 5w@ll0w3d is c0n+@1n3d 93n3r0u5ly. 0n1y the p3r50n wh0 c@n +@k3 r35p0n51b1l1+y by 1+53lph 15 +0 p1@y.

    You may now gibber.

    --
    Furry cows moo and decompress.
  31. Got you beat by Anonymous Coward · · Score: 1, Funny

    I don't even get any spam.

  32. Re:What a nice guy though by Anonymous Coward · · Score: 1, Funny

    damn it.. if only we could stuff The Matrix in here we might be able to see Sandra Bullock in a cat suit...