
Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Sobig.B

Threat Level: Moderate threat
Damage: High
Distribution: Not widespread

Common name: Sobig.B
Technical name: W32/Sobig.B
Threat level: Low
Alias: W32/Emesache, W32/Palyh, W32.HLLM.Ccn, W32.HLLW.Manx@mm, W32/Sobig.B
Type: Worm
Effects: It downloads files from up to four websites and runs them.
Affected platforms: Windows XP/2000/NT/ME/98/95
First detected on: May 18, 2003
Detection updated on: Oct. 25, 2007
Statistics: No
Yes, using TruPrevent Technologies

Brief Description

Sobig.B is a worm that tries, every two hours, to download and run four text files from up to four websites in the geocities.com domain. These files route the affected computer to a URL with pornographic content.

Sobig.B spreads via e-mail and across networks. The message carrying this worm is easy to identify, as it passes itself off as a message from Microsoft: the sender is always support@microsoft.com and the message text is always: All information is in the attached file.

Once it has infected a computer, Sobig.B looks for e-mail addresses in all the files it finds on the affected computer with the following extensions: TXT, EML, HTM, HTML, DBX and WAB. It then sends a copy of itself to all these addresses. However, it only sends itself out when the system date is prior to May 31.

Sobig.B can also copy itself to the Startup directories on computers connected to the same network as the affected computer.

Visible Symptoms

Sobig.B is easy to recognize when it spreads via e-mail, as the message always has the following characteristics:

  • Sender:
    support@microsoft.com
  • Message:
    All information is in the attached file.
  • Attachments:
    A file with a PIF extension.
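
A mail-gateway style check for the three characteristics listed above, as an added example (not Panda Security's detection logic). The function names, the recipient address and the sample messages are constructed for illustration; only the sender address, message text and PIF extension come from this page.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

SENDER = "support@microsoft.com"                        # from the page
BODY_TEXT = "all information is in the attached file"   # from the page, lower-cased

def sobig_b_indicators(raw):
    """Report which of the three listed characteristics a raw RFC 5322 message shows."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    body, pif = "", False
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            # Windows ignores trailing dots and spaces, so strip them before comparing.
            pif = pif or name.lower().rstrip(" .").endswith(".pif")
        elif part.get_content_type() == "text/plain":
            body += part.get_content()
    body = " ".join(body.lower().split())   # collapse line wraps and extra spaces
    return {"sender": sender == SENDER, "message": BODY_TEXT in body, "pif_attachment": pif}

def is_suspect(raw):
    """True only when all three characteristics are present together."""
    return all(sobig_b_indicators(raw).values())

def build_sample(sender, text, filename):
    """Constructed test message with a harmless placeholder attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.com", "constructed sample"
    m.set_content(text)
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    text = "All information is in the attached file."
    for s, f in [("Support <support@microsoft.com>", "sample.PIF"),
                 ("support@microsoft.com", "notes.txt"),
                 ("someone@example.com", "sample.pif")]:
        print(s, f, sobig_b_indicators(build_sample(s, text, f)))
```

Requiring all three characteristics together keeps genuine mail that merely shares the sender address or the phrase from being flagged.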