{
	"id": "6a496b62-1d76-41ca-b2f3-8188695e0aa6",
	"created_at": "2026-04-06T00:21:14.861738Z",
	"updated_at": "2026-04-10T13:11:20.014714Z",
	"deleted_at": null,
	"sha1_hash": "c2047875b7f6772a3c76d420310d1d5072cb90ff",
	"title": "CNN.com - SoBig.F breaks virus speed records",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 59278,
	"plain_text": "CNN.com - SoBig.F breaks virus speed records\r\nArchived: 2026-04-05 19:25:20 UTC\r\nFriday, August 22, 2003 Posted: 0625 GMT ( 2:25 PM HKT)\r\nSoBig.F is set to expire next month but until then will wreak more havoc.\r\nSoBig.F is set to expire next month but until then will wreak more havoc.\r\nStory Tools\r\n VIDEO\r\n The SoBig virus is the latest in a series of attacks on computers that are costing\r\nincreasingly more time and money.\r\nSoBig.F Alert\r\nBe on the lookout for the following attachments:\r\napplication.pif\r\ndetails.pif\r\ndocument_9446.pif\r\ndocument_all.pif\r\nmovie0045.pif\r\nthank_you.pif\r\nyour_details.pif\r\nyour_document.pif\r\nwicked_scr.scr\r\nQUICKVOTE\r\nHave you been hit by the SoBig worm?\r\nhttp://edition.cnn.com/2003/TECH/internet/08/21/sobig.virus/index.html\r\nPage 1 of 3\n\nYes\r\nNo\r\n(CNN) -- The SoBig.F computer virus -- which has already overwhelmed hundreds of thousands of\r\ncomputers worldwide -- has become the fastest spreading virus ever with experts warning the worst is yet to\r\ncome.\r\nAlready the worm has caused an estimated $50 million of damage in the United States alone.\r\nAmong its casualties: It briefly brought freight and computer traffic in Washington, D.C. to a halt, grounded Air\r\nCanada and slowed down computer systems at many major companies such as advanced technology firm\r\nLockheed Martin.\r\nThe sixth or \"F\" version of the SoBig infection disguises itself in e-mails which once opened scan a computer for\r\ne-mail addresses before sending scores of messages to the addresses it collected via its own inbuilt sending\r\nprogram.\r\nThe SoBig.F outbreak, first detected Monday, began 10 days after the Blaster worm (which itself infected an\r\nestimated 500,000 users) and has already beaten other infamous viruses such as LoveBug, Klez and Kournikova\r\nin terms of spread.\r\nThe first SoBig variant was released in January.\r\nU.S.-based e-mail security group MessageLabs says the virus originated and is most prevalent in the United\r\nStates.\r\n\"This is the most severe e-mail virus we've ever seen,\" MessageLabs' Josh White said.\r\n\"At its peak 1 out of 17 e-mails that we were processing was a copy of the SoBig.F virus. Certainly we haven't\r\nseen numbers like this before. It is spreading at a very fast rate and the volumes are high.\"\r\nInternet service provider AOL (part of the AOL Time Warner group which includes CNN) says it scanned 40.5\r\nmillion e-mails and found the virus in more than half. SoBig accounted for 98 percent of all viruses found.\r\nThe e-mail-borne worm arrives with various subject headers, such as: Your details, Thank you!, Re: Thank you!,\r\nRe: Details, Re: Re: My details, Re: Approved, Re: Your application, Re: Wicked screensaver or Re: That movie.\r\nThe body of the message is short and usually contains either \"See the attached file for details\" or \"Please see the\r\nattached file for details.\"\r\nFooled that the e-mail is legitimate, the user opens the e-mail and triggers the worm, which then goes hunting for\r\naddresses. The flood of messages it then sends are capable of succumbing other users' inboxes or computer\r\nsystems by the sheer volume of e-mails.\r\nWorrying sign\r\nhttp://edition.cnn.com/2003/TECH/internet/08/21/sobig.virus/index.html\r\nPage 2 of 3\n\nThe virus also implements a background program that turns an infected computer into a relay system for further\r\nmessages from the virus' creator.\r\nThis part of the virus has led many computer security experts to believe the virus was written to try and beat spam\r\nfilters.\r\nExperts are predicting that though it will soon be brought under control, the infection is likely to spike early next\r\nweek as many people in Europe and the U.S. return to work from (northern hemisphere) summer holidays to\r\nawaiting e-mail inboxes.\r\nHowever, the worm is set to deactivate September 10 and halt further propagation. This itself is a worrying sign.\r\n\"The SoBig virus writer's use of an inbuilt expiry date indicates he is committed to inventing new and improved\r\nversions,\" MessageLabs' chief technology officer Mark Sunner said.\r\n\"Each variant released so far has exceeded the previous one in growth and impact during the critical initial\r\nwindow of vulnerability.\"\r\n-- CNN Correspondent Bill Tucker contributed to this report.\r\nSource: http://edition.cnn.com/2003/TECH/internet/08/21/sobig.virus/index.html\r\nhttp://edition.cnn.com/2003/TECH/internet/08/21/sobig.virus/index.html\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"http://edition.cnn.com/2003/TECH/internet/08/21/sobig.virus/index.html"
	],
	"report_names": [
		"index.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434874,
	"ts_updated_at": 1775826680,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c2047875b7f6772a3c76d420310d1d5072cb90ff.pdf",
		"text": "https://archive.orkl.eu/c2047875b7f6772a3c76d420310d1d5072cb90ff.txt",
		"img": "https://archive.orkl.eu/c2047875b7f6772a3c76d420310d1d5072cb90ff.jpg"
	}
}