Virus Alert - W32/Sobig.f@MM
VIRUS ALERT
Virus Name: W32/Sobig.f@MM
Risk Factor: HIGH
We would like to make all our users aware of a new worm doing the rounds.
This detection is for a new variant of W32/Sobig. In common with previous variants, the worm is written in MSVC, and bears the following characteristics:
- propagates via email, constructing outgoing messages with its own SMTP engine
- propagates over network shares (not confirmed in testing yet)
Mail Propagation
The worm mails itself to email addresses harvested from the victim machine, using its own SMTP engine to construct outgoing messages. Target email addresses are harvested from files with the following extensions:
- DBX
- HLP
- MHT
- WAB
- EML
- TXT
- HTM
- HTML
Subject:
- Your details
- Thank you!
- Re: Thank you!
- Re: Details
- Re: Re: My details
- Re: Approved
- Re: Your application
- Re: Wicked screensaver
- Re: That movie
Attachment:
- your_document.pif
- document_all.pif
- thank_you.pif
- your_details.pif
- details.pif
- document_9446.pif
- application.pif
- wicked_scr.scr
- movie0045.pif
Body:
- See the attached file for details
- Please see the attached file for details
Our email virus scanner has been updated to protect against this threat.
Stinger is a stand alone remover. You may download your copy by going to the following URL: http://vil.nai.com/vil/stinger
Reference: http://vil.nai.com/vil/content/v_100561.htm

Johann