Hi Guys..
As per my usual Heads up.. only Higher risk Threats are listed here.. ie Symantec's Cat 2 or higher..

Symantec Info Page


This one's entry is due to its Distribution Capability.

Threat Assessment
Wild:- Low
Damage:- Low
Distribution:- High


Number of infections: 0 - 49
Number of sites: 0 - 2
Geographical distribution: Low
Threat containment: Easy
Removal: Moderate

Summary of Threat
W32.Sowsat.B@mm is a mass-mailing worm that spreads by using its own SMTP engine. The email will have variable subjects and variable attachment names. The attachment should have a .exe file extension.

An email claiming to be from Symantec was spammed to a large number of individuals in an attempt to get users to download and execute this worm. Please see the Additional information section for details.

W32.Sowsat.B@mm is written in Borland Delphi and is packed with UPX.

Also Known As: I-Worm.Sowsat.f [KAV]
Variants: W32.Sowsat@mm
Type: Worm
Infection Length: 324,608 bytes

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP (and you're surprised?)

Technical Details
Connects to its SMTP server (smtp.ig.com.br) and sends one of the following four email messages:

Message 1:
From: AVP-Team(AVP.Mailer@avp.com)
Subject: AVP-Virus-Warning
Message: New virus in "The Wild" called "W32/Cow".Spreads through e-mail and IRC.A solution is this free program.Send this message to your friends.
Thank you, AVP Team
Attachment: varies

This threat is listed on the other AV Sites as:-
McAfee (this is an earlier version, 04/26/2002)
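
A mail-gateway style check for the indicators described above (the Message 1 sender and subject, a .exe attachment, UPX packing), as an added example that is not part of the original post or of Symantec's write-up. The function names, the sample messages and the `FAKE_UPX` bytes are constructed for illustration, and the UPX test is a heuristic that looks for the `UPX0` section name near the start of the file.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators from the advisory: Message 1 sender and subject, .exe attachment, UPX packing.
KNOWN_FROM = "avp.mailer@avp.com"
KNOWN_SUBJECT = "avp-virus-warning"

def score_message(raw: bytes) -> list:
    """Return the advisory indicators matched by a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if KNOWN_FROM in str(msg.get("From", "")).lower():
        hits.append("sender")
    if str(msg.get("Subject", "")).strip().lower() == KNOWN_SUBJECT:
        hits.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        data = part.get_payload(decode=True) or b""
        # Subjects and attachment names vary, so the extension is the stable signal.
        if name.endswith(".exe"):
            hits.append("exe-attachment")
        # Heuristic: DOS "MZ" magic plus the UPX0 section name UPX writes into the PE header.
        if data[:2] == b"MZ" and b"UPX0" in data[:4096]:
            hits.append("upx-packed-pe")
    return hits

def build_sample(sender, subject, filename, payload):
    """Construct a test message (constructed data, not a captured sample)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "user@example.org", subject
    msg.set_content("constructed body")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

# Constructed stand-in for a UPX-packed executable: just enough bytes to trip the heuristic.
FAKE_UPX = b"MZ" + b"\x00" * 256 + b"UPX0" + b"\x00" * 64

if __name__ == "__main__":
    for args in [("AVP-Team <AVP.Mailer@avp.com>", "AVP-Virus-Warning", "fix.exe", FAKE_UPX),
                 ("someone@example.org", "hello", "tool.EXE", FAKE_UPX),
                 ("friend@example.org", "notes", "notes.txt", b"plain text")]:
        print(args[:3], "->", score_message(build_sample(*args)))
```

Because the worm varies its subject and attachment name, the sender and subject matches only catch Message 1; the `.exe` attachment check is the one that applies to every variant of the mail.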