Welcome to the Virus Encyclopedia of Panda Security.
Sobig.F is a worm that spreads via e-mail and across shared network drives.
When Sobig.F spreads via e-mail, it reaches the computer in a message of variable characteristics and an attached file that almost always has a PIF extension. When it spreads across shared network drives, Sobig.F attempts to copy itself to those drives where it has gained access to.
Sobig.F sends UDP packets to the port 8998 of certain IP addresses, which answer with a web page address that the worm will access to download a file. It then opens ports 995 through 999 on the affected computer, and waits for control commands to be received.
Sobig.F is easy to recognize when it spreads via e-mail, as it reaches the computer in a message with the following characteristics: