|
Admin
Forum Admin
USA
15 Posts |
 Posted - 08/19/2003 : 8:27:44 PM
|
W32.Sobig.F@mm is a mass-mailing, network-aware worm that sends itself to all the email addresses it finds in the files with the following extensions:
.dbx
.eml
.hlp
.htm
.html
.mht
.wab
.txt
The worm uses its own SMTP engine to propagate and will attempt to create a copy of itself on accessible network shares.
Email Routine Details
The email message has the following characteristics:
From: Spoofed address (which means that the sender in the "From" field is most likely not the real sender).
The worm may use the address admin@internet.com as the sender.
Subject:
Re: Details
Re: Approved
Re: Re: My details
Re: Thank you!
Re: That movie
Re: Wicked screensaver
Re: Your application
Thank you!
Your details
Body:
See the attached file for details
Please see the attached file for details.
Attachment:
your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif
NOTE: The worm de-activates on September 10, 2003. The last day on which the worm will spread is September 9, 2003.
This work will infect systems with the foloowing operationg systems: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP.
If you think you have this worm please download this simple removal tool w32.sobig.f@mm.removal.tool.html" target="_blank">w32.sobig.f@mm.removal.tool.html" target="_blank">http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.removal.tool.html
If you have any more questions please reply.
|
|
W32.Sobig.F@mm Worm Virus
Topic Locked
