Recognizing SoBig.F and Blaster

 

 

Blaster Worm

 

The Blaster worm is best known for causing computers to reboot, seemingly for no reason. Computer users can contract the worm simply by being connected to a network— it’s not necessary to open an infected e-mail. Some users whose computers have been infected may not notice the presence of the worm at all, while others who are not infected may experience problems because the worm is attempting to attack their computer. Typical symptoms may include Windows XP and Windows Server 2003 systems rebooting every few minutes without user input, or Windows NT 4.0 and Windows 2000 systems becoming unresponsive.

 

The infection causes computers to crash, disrupts Internet browsing and spreads itself to other computers over a computer network.

 

SoBig.F

 

SoBig.F is a virus that spreads itself through e-mail attachments.  If the files are opened, the virus scans the computer to collect e-mail addresses and then sends scores of messages to the addresses it has collected.  The sheer volume of e-mails the virus is capable of sending is enough to slow down or even crash some computer networks.

 

The e-mails come with various subject lines including:

 

Your details

Thank you!

Re: Thank you!

Re: Details

Re: Re: My details

Re: Approved

Re: Your application

Re: Wicked screensaver

Re: That movie

 

The attached files also have various names including:

 

application.pif

details.pif

document_9446.pif

document_all.pif

movie0045.pif

thank_you.pif

your_details.pif

your_document.pif

wicked_scr.scr

 

The body of the message is short and usually contains either “See the attached file for details” or “Please see the attached file for details.”

 

You can read more about SoBig.F in the news:

 

CNN Story 1:  http://www.cnn.com/2003/TECH/internet/08/21/sobig.virus/index.html

CNN Story 2:  http://www.cnn.com/2003/TECH/internet/08/22/sobig.culprit/index.html