August 8th, 2003, 12:42 PM
As per my usual Heads up.. only Higher risk Threats are listed here.. ie Symantec's Cat 2 or higher..
Symantec Info Page
This ones entry is due to its Distribution Capability.
Summary of Threat
Number of infections: 0 - 49
Number of sites: 0 - 2
Geographical distribution: Low
Threat containment: Easy
W32.Sowsat.B@mm is a mass-mailing worm that spreads by using its own SMTP engine. The email will have variable subjects and variable attachment names. The attachment should have a .exe file extension.
An email claiming to be from Symantec was spammed to a large number of individuals in an attempt to get users to download and execute this worm. Please see the Additional information section for details.
W32.Sowsat.B@mm is written in Borland Delphi and is packed with UPX.
Also Known As: I-Worm.Sowsat.f [KAV]
Infection Length: 324,608 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP (and your surprised?)
Connects to its SMTP server (smtp.ig.com.br) and sends one of the following four email messages:
Message: New virus in "The Wild" called "W32/Cow".Spreads through e-mail and IRC.A solution is this free program.Send this message to your friends.
Thank you, AVP Team
This threat is listed on the other AV Sites as:-
McAfee This is an earlier Version 04/26/2002
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr