self-replicating malware program

The Sobig worm (also known as Sobig.F worm or W32.Sobig.F@mm) is a computer worm. It was first found on August 18, 2003. At the worst part of the infection, the Sobig worm made up one in every seventeen emails sent.[1][2]

How it workedEdit

The Sobig worm is a large emailing worm that sent itself to any email addresses with file extensions like .dbx, .eml, .hlp, .htm, .html, .mht, .wab, and .txt. The worm often used an email that includes "Re:" to seem as if people were being replied to from someone. The user would then open the email and click on the attachment, running the worm and downloading it on to their computer.[2]


The worm was first found on August 18, 2003. After the infection had started, the worm tried to connect to the Internet to get to updates from 20 different internet servers on August 20. However, security officials were able to cut off and shut down the servers. The worm had a shut off date set for September 10, 2003.[2]


At the height of the infection, the Sobig worm made up one in seventeen emails sent over the internet. The Sobig worm created over 1 million copies of itself for the rest of 2003.[1]


  1. 1.0 1.1 Erbschloe, Michael (2004). Trojans, Worms, and Spyware: A Computer Security Professional's Guide to Malicious Code. Elsevier. p. 47. ISBN 978-0-08-051968-5.
  2. 2.0 2.1 2.2