Sobig virus tops charts for 2003

The Sobig e-mail worm that clogged in-boxes in August was the most prolific virus of 2003, according to a top ten list of viruses published by antivirus software vendor Sophos PLC.

The Abingdon, England company released its list of the year's top viruses Wednesday, which revealed that the Sobig-F variant accounted for almost 20 percent of virus reports to Sophos in 2003, easily besting its next closest rival, the Blaster worm, with 15 percent.

A Blaster derivative, Nachi (also known as Welchia) took the number three spot on the list, followed by Gibe at number four and Dumaru in the fifth spot.

Sophos ranks viruses by the number of infection reports it receives from customers, which may have tipped the scales in Sobig's favor, according to Carole Theriault, a security analyst at Sophos.

Unlike Blaster, Sobig used e-mail to spread and generated massive volumes of e-mail traffic once it infected machines. All those e-mail messages caught the attention of companies, some of which reported receiving hundreds of thousands of infected messages a day, Sophos said.

"Blaster was an Internet worm, so if people applied the necessary Microsoft (Corp.) patches, they didn't get infected. With Sobig, the flow of e-mail was there regardless of whether you had the proper software patches and antivirus updates," Theriault said.

Sophos itself received more than 400,000 Sobig e-mail messages within the first 24 hours after the worm appeared in the wild, she said.

The company was also flooded by calls from customers in the days after the worm began to spread, which vaulted Sobig-F, the sixth version of the worm to appear on the Internet, to the list's number one spot, she said.

However, translating the number of phone calls into information on the number of systems infected with Sobig is difficult, if not impossible, she said.

"It's difficult to say 'this many people were infected,' and that can be misleading. There are a lot of people infected (with Sobig) now who don't know it and are continuing to spread the virus," Theriault said.

Other prominent virus outbreaks did not make it to the list, including the Slammer worm, which appeared in January and targeted Microsoft's SQL Server.

While that worm ranked highly, reports of infections dropped off quickly after the worm initially appeared, as organizations disinfected and patched vulnerable SQL Server installations, she said.

All of the top ten viruses targeted Microsoft's Windows operating system, a trend that Sophos predicts will continue in 2004.

Federal legislation aside, spam will also continue to plague e-mail users next year, with spammers adopting new techniques to get their messages past antispam products and filters, Sophos said.