The Sobig-F worm accounted for almost 20pc of all reports to Sophos during 2003, making it the hardest hitting virus of the year. The anti-virus manufacturer revealed the news in its list of top viruses in 2003.
The mass-mailing Sobig-F worm was followed closely by the Blaster worm, which attempted to knock a Microsoft website off the internet. Both these viruses – plus the third-placed Nachi worm – hit businesses and home users during August 2003, making it the worst single month in virus history.
“August 2003 was a really difficult month for IT departments in Ireland,” said Niall Browne, security architect with Irish Internet security company Entropy. “The month saw an exponential increase in the number of viruses and worms affecting both home users and business organisations. Such was the prevalence of these viruses that entire networks were infected. They had to be separated from the corporate networks so as to prevent a complete system shutdown. Many of the Irish sites were protected during the first wave of attack by their firewall installations but were infected by laptop users as they were infected at home and then they brought the virus into work.”
The top ten viruses of the year are as follows:
“Sobig-F unquestionably wins the dubious title of ‘Worm of the year’,” said Graham Cluley, senior technology consultant for Sophos. “It spread more ferociously than any virus ever seen before, swamping email inboxes. Some companies reported seeing hundreds of thousands of infected emails every day. Throughout the year, in the run-up to Sobig-F, the worm’s author released new variants of Sobig almost as if he were seeing which techniques would be the most successful.”
Cluley added: “Ironically some of the people worst impacted by Sobig-F were the spammers. They found that they could not send their millions of spams as easily because their email gateways were deluged by Sobig traffic. Microsoft has issued a substantial financial reward for evidence leading to the arrest and conviction of Sobig’s author, but we seem to be no closer to identifying him or her.”
Blaster, the year’s second most prevalent worm, did not use email to distribute itself, but spread like wildfire across the internet. Containing a mocking message for Microsoft’s chairman Bill Gates, it attempted to blast one of Microsoft’s websites off the internet, leading the industry giant to take evasive action. Ironically, the third placed Nachi worm tried to undo the damage done to computers infected by the Blaster worm; in reality it only added to the chaos. Both Blaster and Nachi continue to infect unprotected computers four months later.
Sophos has detected 7,064 new viruses, worms and Trojan horses to date this year, bringing the total protected against to more than 86,000.
Of course with a few weeks still to go in 2003, things could all change.