-
August 8th, 2003, 12:42 PM
#1
Heads Up**W32.Sowsat.B@mm
Hi Guys..
As per my usual Heads up.. only Higher risk Threats are listed here.. ie Symantec's Cat 2 or higher..
Symantec Info Page
W32.Sowsat.B@mm
This ones entry is due to its Distribution Capability.
Threat Assesment
Wild:- Low
Damage:- Low
Distribution:- High
Wild:
Number of infections: 0 - 49
Number of sites: 0 - 2
Geographical distribution: Low
Threat containment: Easy
Removal: Moderate
Summary of Threat
W32.Sowsat.B@mm is a mass-mailing worm that spreads by using its own SMTP engine. The email will have variable subjects and variable attachment names. The attachment should have a .exe file extension.
An email claiming to be from Symantec was spammed to a large number of individuals in an attempt to get users to download and execute this worm. Please see the Additional information section for details.
W32.Sowsat.B@mm is written in Borland Delphi and is packed with UPX.
Also Known As: I-Worm.Sowsat.f [KAV]
Variants: W32.Sowsat@mm
Type: Worm
Infection Length: 324,608 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP (and your surprised?)
Technical Details
Connects to its SMTP server (smtp.ig.com.br) and sends one of the following four email messages:
Message 1:
From: AVP-Team(AVP.Mailer@avp.com)
Subject: AVP-Virus-Warning
Message: New virus in "The Wild" called "W32/Cow".Spreads through e-mail and IRC.A solution is this free program.Send this message to your friends.
Thank you, AVP Team
Attachment: varies
This threat is listed on the other AV Sites as:-
McAfee This is an earlier Version 04/26/2002
Cheers
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|