Fact Check

Sobig.F Virus

Information about the 'Sobig.F' worm.

Published Aug 19, 2003

Virus name:   Sobig.F

Status:   Real.

Origins:   Sobig.F is the latest variant of yet another mass-mailing worm which exploits a vulnerability in the Microsoft Outlook e-mail client on Windows 95, 98, ME, NT, 2000, and XP platforms to replicate itself by mailing out messages with forged return addresses. The payload is contained in attachments to messages bearing one of the following subject lines:

  • My Details

  • Your Details

  • Thank you!

  • That movie

  • Approved

  • Application

  • Wicked screensaver

  • Re: My Details

  • Re: Your Details

  • Re: Thank you!

  • Re: That movie

  • Re: Details

  • Re: Approved

  • Re: Your application

  • Re: Wicked screensaver

The file name of the infected attachment will match one of the following:

  • wicked_scr.scr

  • movie0045.pif

  • your_document.pif

  • document_all.pif

  • thank_you.pif

  • your_details.pif

  • details.pif

  • document_9446.pif

  • application.pif

Trend Micro provides a system cleaner on its web site which will remove Sobig.F.

Additional Information:


Last updated:   29 January 2008


David Mikkelson founded the site now known as snopes.com back in 1994.

Read More

a Member

Your membership is the foundation of our sustainability and resilience.


Ad-Free Browsing on Snopes.com
Members-Only Newsletter
Cancel Anytime