June 26th, 2003, 12:35 AM
Latest version of Sobig
Info found here on Symantec
Please read this and check with your favorite AV company for further info
Cheers (sorry for the lack of info guys.. at work, don't have time)
"Consumer technology now exceeds the average person's ability to comprehend how to use it.. give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
June 26th, 2003, 06:29 AM
Thanks for the heads-up Und3ertak3er, I just received an e-mail with the Sobig.E virus and tested my AV software with it; nailed it good.
I could tell by the subject line "Re: Application" that it was a virus but I was not sure which one. I received it as a .zip file and when unzipped it appeared as a .pif file.
June 26th, 2003, 07:17 AM
Here is part of what McAfee says on it:
W32/Sobig.e@MM Medium 6/25/2003
-- Update June 25, 2003 --
This threat was upgraded to a Medium risk due to an increase in prevalence over the past few hours.
This variant is similar to W32/Sobig.d@MM. The worm propagates via email and over network shares. It contains its own SMTP engine for constructing outgoing messages. The virus is sent in a ZIP archive, allowing it to bypass extension blocking rules. However, this requires the end user to perform extra steps in order to actually execute the virus.
The worm may arrive in an email with the following characteristics:
Body: Please see the attached zip file for details.
Attachment: your_details.zip (which contains details.pif)
* Note: This variant spoofs, or forges, the from address. Therefore the perceived sender is likely not a pointer to the infected user.
"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
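The McAfee write-up quoted above notes that shipping the worm inside a ZIP lets it pass extension blocking rules. The following is an added example, not part of the thread or of any vendor's product: a gateway-side check that looks inside ZIP attachments and flags blocked extensions. The blocklist, the function names and the sample message (harmless placeholder bytes under the file names McAfee lists) are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for this example; a real gateway policy would be longer.
BLOCKED_EXTS = (".pif", ".scr", ".exe", ".com", ".bat")

def blocked_ext(name):
    """True if a file name ends in a blocked extension (case-insensitive)."""
    return name.lower().rstrip(". ").endswith(BLOCKED_EXTS)

def scan_message(raw_bytes):
    """Return (attachment, member) findings; member is None for a direct hit."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if blocked_ext(fname):
            findings.append((fname, None))
        # Decide by content, not by name: a ZIP can carry any file name.
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                # namelist() reads the central directory; nothing is extracted.
                findings += [(fname, m) for m in zf.namelist() if blocked_ext(m)]
        except zipfile.BadZipFile:
            findings.append((fname, "<unreadable zip>"))
    return findings

def build_sample():
    """Constructed sample: placeholder bytes under the names McAfee lists."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("details.pif", b"placeholder, not executable content")
    msg = EmailMessage()
    msg["Subject"] = "Re: Application"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("Please see the attached zip file for details.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="your_details.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

A rule that only checks the outer attachment name sees `your_details.zip` and passes it; this check reports the inner `details.pif`.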