Slashdot Mirror


The Origin Of Sobig (And Its Next Phase)

MrZeebo writes "According to this story at Canada.com, the FBI, along with other authorities, has traced the origin of the Sobig worm. The quick timeline: Apparently, an earlier version of the worm installed a backdoor on a home computer in British Columbia. The creator of the worm used this compromised computer to create a Usenet account with Easynews.com in Phoenix, using a stolen credit card. The worm spread from Usenet, and contained the IP addresses of 20 computers to contact on Friday, and to download an unknown program from those computers. Officials were able to take 19 of these computers offline before the mass-download. However, the 20th computer stayed online, and many copies of the worm were able to get the rogue program. Those that did were merely redirected to a porn site, no damage done. However, now infected computers will continue to try and connect to the other 19 every Friday and Sunday until the worm expires on Sept. 10th." Reader muldoonaz points out this brief Reuters story about the investigation, too.

17 of 500 comments

  1. Re: Wicked screensaver by JohnGrahamCumming · · Score: 4, Funny

    Please see the attached file for details.

  2. Re: Wicked screensaver by mjmalone · · Score: 4, Funny

    WARNING!!! (from zidane.cc.vt.edu)

    The following message attachments were flagged by the antivirus scanner:

    Attachment [2.2] application.pif, virus infected: W32/Sobig-F. Action taken: deleted
    PWN'D

  3. Re:What a nice guy though by EpsCylonB · · Score: 5, Funny

    Anyone else think this sounds like a bad Hollywood plot?

    We only have 48 hours to shut down 20 random computers or the internet is brought to its knees.

  4. Already exists by Ciderx · · Score: 4, Funny

    It's called "W32/SitePostedOnSlashdot"

  5. No Problems Here by Anonymous Coward · · Score: 4, Funny

    I don't have any friends so I don't really get any e-mail.

  6. this is why by commodoresloat · · Score: 4, Funny

    This is why worms need to be open source. Proprietary worms do a disservice to the worm community!

  7. Re:Stupid, Offtopic, Newbie, Question by MyHair · · Score: 3, Funny

    What's the difference between a worm and a virus?

    You see, a virus is what we doctors call
    very very small. So small it could not possibly have made off with a
    whole leg.

  8. Re:Idiots. by MyHair · · Score: 3, Funny

    Edit that slightly and send it to Microsoft:
    -----
    Come on, if you're going to write an OS, do it right.

    Don't use 20 predetermined machines from which to fetch updates; generate an unstructured network while you're spreading (remember who sued you, and trade alliances randomly).

    Don't fetch and install any updates provided to you; use RSA signatures to verify that they are legitimate.

    Don't use canned, easy to filter, subject lines in your email messages; borrow subject lines from your host's mail spool (optionally, do so with only a small probability -- let evolution determine which subject lines are the most effective).

    In short: If you're going to release some software which you want to see on millions of machines around the world, try not to embarrass yourself.

  9. Re:Sobig was created to defeat Bayesian Filters. by joepa · · Score: 3, Funny

    I am a small businessperson[...]

    I received an email a few days ago from someone who says that they can help you with this problem...

  10. Re: Wicked screensaver by ChilyWily · · Score: 5, Funny

    hehe- Couldn't resist: Today's userfriendly strip is perfect :)

  11. Re:Question by Bin-tec · · Score: 4, Funny

    So, when are us Mac users going to get some excitement with some viruses? I'm kinda bored about clicking on those links that won't do anything.

  12. Re: y'know what I'm wondering... by Black Parrot · · Score: 3, Funny

    > Is why any virus writers ever get caught. [...] they simply have to go down to their local library and/or cyber cafe wearing a wig and makeup, stick the floppy in, click, then leave, what's the problem?

    I used to do that, but I got tired of having all the geeks try to pick me up while I was there.

    --
    Sheesh, evil *and* a jerk. -- Jade

  13. This is what the writer should have done. by codepunk · · Score: 3, Funny

    He should have had this virus download a copy of the Linux kernel from the SCO web site and save it to the system. SCO would have loved this as they could have then sold a Unix Ware license to the entire world. Oh hell we could have even shown that SCO in fact distributed the Linux kernel to every PC in the world.

    --
    Got Code?

  14. No damage by Arandir · · Score: 4, Funny

    Those that did were merely redirected to a porn site, no damage done.

    No damage done! My dear poor mother got redirected to goatse.cx! The psychiatry bills alone will cost a quarter of a million dollars.

    --
    A Government Is a Body of People, Usually Notably Ungoverned

  15. Re: Wicked screensaver by eponymous flower · · Score: 3, Funny

    Wicked?? Is this virus writer from Boston or 1986?

    --
    You say self-important egomaniac like it's a bad thing. - Peter Dragon

  16. Re:Another day, another worm by magores · · Score: 3, Funny

    I blame the EU that clicks on the virus.

    (Go ahead and make fun of the following thought process...)

    ---Gunsmiths make Guns = MS makes OS
    ---Bulletsmiths make Bullets = Virus writers make viruses
    ---Dumb people look at the bullet through the barrel and pull the trigger = Dumb people click on *.pif, *.scr ...

  17. Re:Correction by MegaFur · · Score: 3, Funny

    Newsman: Next up on our program--when l33t sp33k meets Engrish

    Example: !4ANG3R! A d@n93r0u5 +0y. +h15 +0y 15 b31n9 m@d3 4 +h3 x+r3m3 pr10r1+y +h3 900d luk5. The l1++l3 p@rt wh1ch 5uph0c@+35 when the sharp p@r+ which 93+5 hurt 15 5w@ll0w3d is c0n+@1n3d 93n3r0u5ly. 0n1y the p3r50n wh0 c@n +@k3 r35p0n51b1l1+y by 1+53lph 15 +0 p1@y.

    You may now gibber.

    --
    Furry cows moo and decompress.