2003 - Sobig and the Botnet
The main reason for writing Win32.Sobig is alleged to be an attempt to create a huge network of zombified computers in order to conduct DDoS attacks on corporate servers.
Win32.Sobig caused a huge epidemic: one in 20 e-mail messages was infected with the worm. It is alleged that Win32.Sobig is the mail worm that holds the record for the most infected machines worldwide.
Another e-mail worm attacked right after Win32.Sobig. Tantalos.b was the first of its family to exploit the Iframe vulnerability in MS Outlook in order to execute itself automatically. Although it could not match the damage caused by Win32.Sobig, Tantalos ranked second among the most aggressive e-mail worms of 2003.
The Sobig incident prepared the ground for another Trojan. Sober built on the panic created by its predecessor in order to spread and multiply at will. Although it is just a Sobig clone, Sober came with some innovative features: the accompanying e-mail message was written in a plethora of languages. The Trojan would detect the user's language by looking up the destination IP address. In order to convince the user to execute the attachment, it posed as a removal tool for Sobig.
Copyright 2011. Site powered by Bitdefender