I got an apparently spam e-mail today with an attachment. I decided to just delete it without checking out the attachment.
The new computer came with Norton AntiVirus, but my subscription to McAfee from the old one isn't up and I still get e-mail warnings from them. I got one today and the attachment mentioned sounded like the one I got. I checked the Trash folder, and sure enough that was it!
Later, another e-mail came, took a while to download, and then Norton suddenly popped up and indicated that it had deleted the attachment. When I looked at the e-mail, it was the one warned about.
Normally, I hear of these things on the news or whatever, but they never seem to come to me. So, if I was hit twice in one day, I figure this one must really be something and thought I better warn everyone.
Here is the e-mail I got from McAfee:
A new variant of W32/Sobig, W32/Sobig.f@MM is a High Risk mass-mailing worm. It arrives as an email attachment with a .pif or .scr extension. When run, it infects the host computer, then emails itself (using its own SMTP engine) to harvested email addresses from the victim's machine. In addition, when it propagates, the worm "spoofs" the "from: field", using one of the harvested email addresses.
Note: The worm copies itself onto the infected machine as:
C:\WINNT\WINPPR32.EXE
Caution: An infected email can come from addresses you
recognize and may contain the following information:
Subject:
- Your details
- Thank you!
- Re: Thank you!
- Re: Details
- Re: Re: My details
- Re: Approved
- Re: Your application
- Re: Wicked screensaver
- Re: That movie
Attachment:
- your_document.pif
- document_all.pif
- thank_you.pif
- your_details.pif
- details.pif
- document_9446.pif
- application.pif
- wicked_scr.scr
- movie0045.pif
Body:
- See the attached file for details
- Please see the attached file for details
Current and up-to-date VirusScan users are protected from
this threat.
Learn more about W32/Sobig.f@MM:
==>
http://us.mcafee.com/root/campaign.asp?cid=8449
Scan for W32/Sobig.f@MM:
==>
http://us.mcafee.com/root/campaign.asp?cid=8450
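
The following is an added example, not part of the original post or of the McAfee notice: a mail-side check that flags attachments with the .pif or .scr extensions named in the notice, and ignores the From: header because the notice says it is spoofed. The function names, sample addresses and placeholder attachment bytes are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the notice above.
BLOCKED_EXTENSIONS = {".pif", ".scr"}


def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return the filenames of attachments whose final extension is blocked.

    The From: header is deliberately not consulted: the notice says the worm
    fills it with an address harvested from an infected machine.
    """
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # None for parts that carry no filename
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so "x.pif." still runs as .pif.
        cleaned = name.strip().rstrip(". ")
        # Only the last extension decides how Windows opens the file,
        # so "report.txt.scr" is treated as .scr.
        _, dot, tail = cleaned.rpartition(".")
        if (dot + tail).lower() in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def build_sample(filename: str) -> bytes:
    """Build a constructed test message modelled on the notice (not a capture)."""
    msg = EmailMessage()
    msg["From"] = "someone.you.know@example.com"  # constructed; may be spoofed
    msg["To"] = "you@example.com"                 # constructed
    msg["Subject"] = "Re: Details"
    msg.set_content("See the attached file for details")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for sample in ("details.pif", "Movie0045.PIF", "report.txt.scr", "notes.txt"):
        print(sample, "->", blocked_attachments(build_sample(sample)))
```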