Worm.sobig.f

  1. #1
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747

    Worm.sobig.f

    --------------------------------------------------------------------------------

    Virus type: Worm

    Destructive: No

    Aliases: Win32.HLLM.Reteras, W32.Sobig.F@mm, W32/Sobig.f@MM, Sobig.F, Win32.Sobig.F, W32/Sobig-F, I-Worm.Sobig.f

    Pattern file needed: 617

    Scan engine needed: 6.100

    Overall risk rating: Medium

    --------------------------------------------------------------------------------

    Reported infections: Medium

    Damage Potential: High

    Distribution Potential: High



    --------------------------------------------------------------------------------

    Description:



    TrendLabs has received several infection reports of this mass-mailing worm from Norway and Spain. As of 12:19 PM GMT, Trend Micro has declared a Medium Risk alert to control the spread of this malware.

    This worm propagates by mass-mailing copies of itself using its own Simple Mail Transfer Protocol (SMTP) engine. It collects email addresses from files with the following extensions:


    DBX
    HLP
    MHT
    WAB
    HTML
    HTM
    TXT
    EML

    It sends out email messages with the following details:

    Subject: <any of the following:>
    Re: Thank you!
    Thank you!
    Re: Details
    Re: Re: My details
    Re: Approved
    Re: Your application
    Re: Wicked screensaver
    Re: That movie
    Your details

    Message body: <any of the following:>
    See the attached file for details.
    Please see the attached file for details.

    Attachment: <any of the following:>
    your_document.pif
    document_all.pif
    thank_you.pif
    your_details.pif
    details.pif
    document_9446.pif
    application.pif
    wicked_scr.scr
    movie0045.pif

    It may spoof the FROM field using email addresses found on the infected machine so that its email messages appear to originate from one source but were actually sent from another.

    This worm deactivates its propagation routine on September 10, 2003.

    This worm runs on Windows 95, 98, ME, NT, 2000, and XP.
    Source http://www.trendmicro.com/vinfo/viru...e=WORM_SOBIG.F

  2. #2
    Banned
    Join Date
    Apr 2003
    Posts
    3,840
    ISPs: Sobig's the biggest virus so far

    Recent data from e-mail service providers pegs the infection caused by the latest variant of the Sobig virus as the largest epidemic of a mass-mailing computer program to date.

    http://news.com.com/2100-1002_3-5066444.html?tag=fd_top

  3. #3
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Already Posted in the "AntiVirus" Forum... Please remember to Search B4 Posting..

    Check this thread.. http://www.antionline.com/showthread...hreadid=247578

    cheers
    "Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  4. #4
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    Sorry.

    I did a search for this topic before I posted it but it came up with nothing.

    I'll look myself next time before I post.