The document "Who Wrote Sobig?" was written by the Author Travis group. To ensure that
the group remains anonymous, and that no unauthorized documents are
published using the Author Travis name, we are revoking the public key
and releasing the private key.
The release of the private key enforces the Author Travis group's
non-disclosure agreement by removing the ability to make verifiable claims
related to the investigation's authorship.
The paper was released publicly in order to spur the investigation and help
apprehend the malware authors. It was released anonymously in order to
prevent any sort of bias from detracting from the investigation. The paper
has served its purpose. Any person or group publicly claiming to be "Author Travis"
is a fraud and not the original author(s) of "Who Wrote Sobig?".
As the one-year anniversary of the Anti-Virus Reward Program bounty for Sobig approaches, we felt this was an appropriate time to publicly release the current state of our Sobig forensic investigation. Appropriately, the authors of this document have chosen to release it anonymously for many reasons, some of which are:
By releasing the information publicly, we hope to increase tips to law enforcement concerning the Sobig authorship and spur efforts toward apprehension of the malware author(s);
This document shows how computer forensics can identify virus authors. The computer forensic methods demonstrated throughout this document have been utilized to successfully identify authors of other viruses as well;
Our focus is the objective analysis of Sobig. It is our contention, position, and belief that associating this paper with any specific company, organization, group, or individual will only serve to detract from the investigation.
Because this site may be shut down, you are free to copy this document to other web sites. Please do not modify the contents of this document.
Click on this link to download the document: WhoWroteSobig.pdf SIZE: 304386 bytes