Und3ertak3r
June 26th, 2003, 01:35 AM
Latest version of Sobig
Info found here on Symantec (http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.e@mm.html)
Please read this and check with your favorite AV company for further info
Cheers (sorry for the lack of info, guys... at work, don't have time)
ccKid
June 26th, 2003, 07:29 AM
Thanks for the heads-up, Und3ertak3r. I just received an e-mail with the Sobig.E virus and tested my AV software with it; nailed it good.
I could tell by the subject line "Re: Application" that it was a virus but I was not sure which one. I received it as a .zip file and when unzipped it appeared as a .pif file.
Thanks again,
::coffee::
ccKid
moxnix
June 26th, 2003, 08:17 AM
Here is part of what McAfee says on it:
www.mcafee.com/anti-virus/
W32/Sobig.e@MM Medium 6/25/2003
http://vil.mcafee.com/dispVirus.asp?virus_k=100429
-- Update June 25, 2003 --
This threat was upgraded to a Medium risk due to an increase in prevalence over the past few hours.
This variant is similar to W32/Sobig.d@MM. The worm propagates via email and over network shares. It contains its own SMTP engine for constructing outgoing messages. The virus is sent in a ZIP archive, allowing it to bypass extension blocking rules. However, this requires the end user to perform extra steps in order to actually execute the virus.
The worm may arrive in an email with the following characteristics:
Body: Please see the attached zip file for details.
Attachment: your_details.zip (which contains details.pif)
* Note: This variant spoofs, or forges, the from address. Therefore the perceived sender is likely not a pointer to the infected user.
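
The McAfee text quoted above notes that shipping the worm inside a ZIP lets it slip past extension-blocking rules. The sketch below is an added example (not part of the thread or of McAfee's write-up) of a gateway-side check that applies the same extension policy to the members of a ZIP attachment; the blocklist, function names and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for illustration; tune to local mail policy.
BLOCKED_EXTS = (".pif", ".scr", ".exe", ".com", ".bat")

def _blocked(name):
    # Trailing dots/spaces are stripped so "details.pif." is still caught.
    return name.lower().rstrip(". ").endswith(BLOCKED_EXTS)

def blocked_attachments(raw_message):
    """Return (attachment, member) pairs; member is None for a direct hit."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if _blocked(name):
            hits.append((name, None))
            continue
        data = part.get_payload(decode=True) or b""
        # Sniff the content instead of trusting a ".zip" file name.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                hits += [(name, m) for m in zf.namelist() if _blocked(m)]
        except zipfile.BadZipFile:
            # Unreadable archive: flag it rather than pass it uninspected.
            hits.append((name, "<unreadable archive>"))
    return hits

def build_sample():
    """Constructed sample: harmless bytes, file names as in the McAfee note."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("details.pif", b"placeholder, not executable")
    msg = EmailMessage()
    msg["Subject"] = "Re: Application"
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg.set_content("Please see the attached zip file for details.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="your_details.zip")
    return msg.as_bytes()
```

The check covers one archive level only; nested archives need a recursive pass with a depth limit.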