Heads Up**W32.Sowsat.B@mm
Hi Guys..
As per my usual Heads up.. only Higher risk Threats are listed here.. ie Symantec's Cat 2 or higher..
Symantec Info Page
W32.Sowsat.B@mm
This ones entry is due to its Distribution Capability.
Threat Assesment
Quote:
Wild:- Low
Damage:- Low
Distribution:- High
Wild:
Number of infections: 0 - 49
Number of sites: 0 - 2
Geographical distribution: Low
Threat containment: Easy
Removal: Moderate
Summary of Threat
Quote:
W32.Sowsat.B@mm is a mass-mailing worm that spreads by using its own SMTP engine. The email will have variable subjects and variable attachment names. The attachment should have a .exe file extension.
An email claiming to be from Symantec was spammed to a large number of individuals in an attempt to get users to download and execute this worm. Please see the Additional information section for details.
W32.Sowsat.B@mm is written in Borland Delphi and is packed with UPX.
Also Known As: I-Worm.Sowsat.f [KAV]
Variants: W32.Sowsat@mm
Type: Worm
Infection Length: 324,608 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP (and your surprised?)
Technical Details
Quote:
Connects to its SMTP server (smtp.ig.com.br) and sends one of the following four email messages:
Message 1:
From: AVP-Team(
[email protected])
Subject: AVP-Virus-Warning
Message: New virus in "The Wild" called "W32/Cow".Spreads through e-mail and IRC.A solution is this free program.Send this message to your friends.
Thank you, AVP Team
Attachment: varies
This threat is listed on the other AV Sites as:-
McAfee This is an earlier Version 04/26/2002
Cheers
