W32.Sobig.C@mm is a mass-mailing worm that sends itself to all the email addresses, purporting to have been sent by Microsoft (
[email protected]). The worm finds the addresses in the files with the following extensions:
.wab
.dbx
.htm
.html
.eml
.txt
Email Routine Details
The email message has the following characteristics:
From:
[email protected]
Subject: The subject line will be one of the following:
Re: Movie
Re: Submited (004756-3463)
Re: 45443-343556
Re: Approved
Approved
Re: Your application
Re: Application
Message Body: Please see the attached file.
Attachment: The attachment name will be one of the following:
screensaver.scr
movie.pif
submited.pif
45443.pif
documents.pif
approved.pif
application.pif
document.pif
NOTE: The worm de-activates on June 8, 2003, and therefore, the last day on which the worm will spread is June 7, 2003.
Also Known As: W32/Sobig.c@MM [McAfee], Win32/Sobig.C [ESET]
Type: Worm
Infection Length: About 59kb
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Windows 3.x, Macintosh, OS/2, UNIX, Linux
Reply With Quote