Jose
W32/Sobig.f@MM (High Risk)
A new variant of W32/Sobig, W32/Sobig.f@MM is a High Risk
mass-mailing worm. It arrives as an email attachment with a .pif or .scr
extension. When run, it infects the host computer, then emails itself (using
its own SMTP engine) to harvested email addresses from the victim's machine.
In addition, when it propagates, the worm "spoofs" the "from:
field", using one of the harvested email addresses. So exercise care when
opening emails with attachments. An infected email can come from addresses
you recognize.
Because it sends so many emails, a worm like Sobig also saps
bandwidth and slows network performance. Worse, it can also open up a user's
computer port, making it vulnerable to hackers, who can plant dangerous
Trojans. These malicious programs often let unauthorized users remotely take
over a system, steal personal information or use the infected PC to send
spam.
What are the common subject lines, attachment names and message
content associated with W32/Sobig.f@MM emails?

Subject:
- Your details
- Thank you!
- Re: Thank you!
- Re: Details
- Re: Re: My details
- Re: Approved
- Re: Your application
- Re: Wicked screensaver
- Re: That movie

Attachment:
- your_document.pif
- document_all.pif
- thank_you.pif
- your_details.pif
- details.pif
- document_9446.pif
- application.pif
- wicked_scr.scr
- movie0045.pif

Body:
- See the attached file for details
- Please see the attached file for details

How do you know if you've been infected?
The worm copies itself onto an infected machine as:
C:\WINNT\WINPPR32.EXE
How do you clean your system if it's already infected?
Download McAfee Stinger. A stand-alone utility used to detect
and remove specific viruses, it is not a substitute for full anti-virus
protection, but rather a tool to assist administrators and users when
dealing with an infected system.
How do you prevent future attacks?
Update your anti-virus software. Always ensure your virus
definition DAT files are current. If you do not own anti-virus software,
order McAfee VirusScan here.
Looking for more information about the worm?
For a more detailed description of Sobig and its
characteristics, visit the Virus Profile page.