NEWS
Are Strangers E-mailing you that you sent them a Virus?
W32.Sobig worm
The virus currently circulating is called the W32.Sobig worm. It comes in
multiple variants, which are identified by adding a letter from a to f after
the name. The variant W32.Sobig.F@mm was discovered on August 18th.
Due to the number of submissions received from customers,
Symantec Security Response has upgraded this threat to a Category 4 from a
Category 3 threat as of August 21, 2003.
This worm is causing clean, uninfected computers to receive virus warnings
from recipients to whom they have not sent any e-mails, either lately or ever.
The following is an excerpt from Symantec’s document about this worm. (Please
review the possible solution mentioned at the end of this document.)
The worm uses its own SMTP engine to propagate and
attempts to create a copy of itself on accessible network shares, but fails due
to bugs in the code.
Email routine details
The email message has the following characteristics:
From: Spoofed address (which means that the sender in the "From" field is
most likely not the real sender). The worm may also use the address
admin@internet.com as the sender.
NOTES:
· The spoofed addresses and the Send To addresses are both taken from the
files found on the computer. Also, the worm may use the infected computer's
settings to check for an SMTP server to contact.
· The choice of the internet.com domain appears to be arbitrary and does not
have any connection to the actual domain or its parent company.
Subject:
· Re: Details
· Re: Approved
· Re: Re: My details
· Re: Thank you!
· Re: That movie
· Re: Wicked screensaver
· Re: Your application
· Thank you!
· Your details
Body:
· See the attached file for details
· Please see the attached file for details.
Attachment:
· your_document.pif
· document_all.pif
· thank_you.pif
· your_details.pif
· details.pif
· document_9446.pif
· application.pif
· wicked_scr.scr
· movie0045.pif