Sobig.F Virus

Information about the 'Sobig.F' worm.

Virus name:   Sobig.F

Status:   Real.

Origins:   Sobig.F is the latest variant of yet another mass-mailing worm which exploits a vulnerability in the Microsoft Outlook e-mail client on Windows 95, 98, ME, NT, 2000, and XP platforms to replicate itself by mailing out messages with forged return addresses. The payload is contained in attachments to messages bearing one of the following subject lines:

  • My Details

  • Your Details

  • Thank you!

  • That movie

  • Approved

  • Application

  • Wicked screensaver

  • Re: My Details

  • Re: Your Details

  • Re: Thank you!

  • Re: That movie

  • Re: Details

  • Re: Approved

  • Re: Your application

  • Re: Wicked screensaver

The file name of the infected attachment will match one of the following:

  • wicked_scr.scr

  • movie0045.pif

  • your_document.pif

  • document_all.pif

  • thank_you.pif

  • your_details.pif

  • details.pif

  • document_9446.pif

  • application.pif

Trend Micro provides a system cleaner on its web site which will remove Sobig.F.

Additional Information:


Last updated:   29 January 2008


Dear Reader, has long been engaged in the battle against misinformation, an effort we could not sustain without support from our audience. Producing reliable fact-checking and thorough investigative reporting requires significant resources. We pay writers, editors, web developers, and other staff who work tirelessly to provide you with an invaluable service: evidence-based, contextualized analysis of facts. Help us keep strong. Make a direct contribution today. Learn More.

Donate with PayPal