Sending packets like crazy

Jose

W32/Sobig.f@MM (High Risk)

A new variant of W32/Sobig, W32/Sobig.f@MM is a High Risk
mass-mailing worm. It arrives as an email attachment with a .pif or .scr
extension. When run, it infects the host computer, then emails itself (using
its own SMTP engine) to harvested email addresses from the victim's machine.
In addition, when it propagates, the worm "spoofs" the "from:
field", using one of the harvested email addresses. So exercise care when
opening emails with attachments. An infected email can come from addresses
you recognize.

Because it sends so many emails, a worm like Sobig also saps
bandwidth and slows network performance. Worse, it can also open up a user's
computer port, making it vulnerable to hackers, who can plant dangerous
Trojans. These malicious programs often let unauthorized users remotely take
over a system, steal personal information or use the infected PC to send
spam.


What are the common subject lines, attachment names and message
content associated with W32/Sobig.f@MM emails?

Subject:
  - Your details
  - Thank you!
  - Re: Thank you!
  - Re: Details
  - Re: Re: My details
  - Re: Approved
  - Re: Your application
  - Re: Wicked screensaver
  - Re: That movie
  - Re: That movie

Attachment:
  - your_document.pif
  - document_all.pif
  - thank_you.pif
  - your_details.pif
  - details.pif
  - document_9446.pif
  - application.pif
  - wicked_scr.scr
  - movie0045.pif

Body:
  - See the attached file for details
  - Please see the attached file for details


How do you know if you've been infected?

The worm copies itself onto an infected machine as:
C:\WINNT\WINPPR32.EXE


How do you clean your system if it's already infected?

Download McAfee Stinger. A stand-alone utility used to detect
and remove specific viruses, it is not a substitute for full anti-virus
protection, but rather a tool to assist administrators and users when
dealing with an infected system.

How do you prevent future attacks?

Update your anti-virus software. Always ensure your virus
definition DAT files are current. If you do not own anti-virus software,
order McAfee VirusScan here.

Looking for more information about the worm?

For a more detailed description of Sobig and its
characteristics, visit the Virus Profile page.
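
A mail-filter check built from the subject lines, attachment names and extensions listed in the advisory above, as an added example that is not part of the original post and not McAfee's code. The function names `check_message` and `build_sample` are hypothetical and the sample messages are constructed; the From header is deliberately not checked because the advisory says the worm spoofs it.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from the advisory text above (compared case-insensitively).
SOBIG_SUBJECTS = {s.lower() for s in (
    "Your details", "Thank you!", "Re: Thank you!", "Re: Details",
    "Re: Re: My details", "Re: Approved", "Re: Your application",
    "Re: Wicked screensaver", "Re: That movie")}
SOBIG_ATTACHMENTS = {
    "your_document.pif", "document_all.pif", "thank_you.pif",
    "your_details.pif", "details.pif", "document_9446.pif",
    "application.pif", "wicked_scr.scr", "movie0045.pif"}
RISKY_EXTENSIONS = {".pif", ".scr"}  # both run as programs on Windows


def check_message(raw: bytes) -> list:
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    subject = str(msg["Subject"] or "").strip().lower()
    if subject in SOBIG_SUBJECTS:
        findings.append("subject-match")  # weak on its own: subjects are generic
    for part in msg.walk():
        # Windows ignores trailing dots/spaces, so strip them before testing.
        name = (part.get_filename() or "").strip().rstrip(". ").lower()
        if not name:
            continue
        if name in SOBIG_ATTACHMENTS:
            findings.append("known-attachment:" + name)
        ext = os.path.splitext(name)[1]  # last extension wins: a.jpg.scr -> .scr
        if ext in RISKY_EXTENSIONS:
            findings.append("risky-extension:" + ext)
    return findings


def build_sample(subject: str, filename: str) -> bytes:
    """Constructed test message; the attachment is inert placeholder bytes."""
    m = EmailMessage()
    m["From"] = "someone@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("See the attached file for details")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(check_message(build_sample("Re: Details", "details.pif")))
    print(check_message(build_sample("Lunch?", "menu.pdf")))
```

The extension check is the durable part: it still fires when a later variant changes the subject line or file name.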
 
George

I removed the blaster worm about a month ago. However,
another virus got into my computer and I had to reinstall
everything. Ever since, my computer has been sending
packets like crazy over my LAN connection. Billions a
minute. It does not happen when I use the university's
wireless connection, just my home's LAN. And there is
another computer connected to the hub, and that one does
not send packets. I put up a Zone Alarm firewall and it
has not helped.
 
Restore

Check for a process running called DLLHOST and kill this
process ASAP. I have a similar problem and this is how I
have stopped the transmit at 100%.

Please see my post

cheers
Restore
 
