« previous next »
Pages: 1   Go Down

Author Topic: New worm spreading  (Read 726 times)

0 Members and 1 Guest are viewing this topic.

Offline Josette

  • Full A ed Newest Fervor Post
  • NEW ASCENDANT
  • ******
  • Posts: 4598
  • Karma: +75/-3057
  • Gender: Female
    • View Profile
New worm spreading
« on: August 20, 2003, 04:58:30 AM »
I got an apparently spam e-mail today with an attachment.  I decided to just delete it without checking out the attachment.

The new computer came with Norton AntiVirus, but my subscription to McAfee from the old one isn't up and I still get e-mail warnings from them.  I got one today and the attachment mentioned sounded like the one I got.  I checked the Trash folder, and sure enough that was it!

Later, another e-mail came, took a while to download, and then Norton suddenly popped up and indicated that it had deleted the attachment.  When I looked at the e-mail, it was the one warned about.

Normally, I hear of these things on the news or whatever, but they never seem to come to me.  So, if I was hit twice in one day, I figure this one must really be something and thought I better warn everyone.

Here is the e-mail I got from McAfee:

A new variant of W32/Sobig, W32/Sobig.f@MM is a High Risk mass-mailing worm. It arrives as an email attachment with a .pif or .scr extension. When run, it infects the host
computer, then emails itself (using its own SMTP engine)
to harvested email addresses from the victim's machine.
In addition, when it propagates, the worm "spoofs" the
"from: field", using one of the harvested email addresses.

Note: The worm copies itself onto the infected machine as:

C:- WINNTWINPPR32.EXE

Caution: An infected email can come from addresses you
recognize and may contain the following information:

Subject:
- Your details
- Thank you!
- Re: Thank you!
- Re: Details
- Re: Re: My details
- Re: Approved
- Re: Your application
- Re: Wicked screensaver
- Re: That movie

Attachment:
- your_document.pif
- document_all.pif
- thank_you.pif
- your_details.pif
- details.pif
- document_9446.pif
- application.pif
- wicked_scr.scr
- movie0045.pif

Body:
- See the attached file for details
- Please see the attached file for details

Current and up-to-date VirusScan users are protected from
this threat.

Learn more about W32/Sobig.f@MM:
==> http://us.mcafee.com/root/campaign.asp?cid=8449
Scan for W32/Sobig.f@MM:
==> http://us.mcafee.com/root/campaign.asp?cid=8450
Logged
Josette
Pages: 1   Go Up
« previous next »