N2Futur
Aug 20, 2003, 8:55 AM
Post #2 of 3
(449 views)
Shortcut
|
More info on NEW infection W32.Sobig.F@mm (McAfee)
|
Can't Post | Private Reply
|
Here's an e-mail that I just received from Corporate Security at MCI (where I work) regarding this virus :
A new variant of W32/Sobig, W32/Sobig.f@MM is a High Risk mass-mailing worm. It arrives as an email attachment with a .pif or .scr extension. When run, it infects the host computer, then emails itself (using its own SMTP engine) to harvested email addresses from the victim's machine. In addition, when it propagates, the worm "spoofs" the "from: field", using one of the harvested email addresses.Note: The worm copies itself onto the infected machine as: C:\WINNT\WINPPR32.EXE Caution: An infected email can come from addresses you recognize and may contain the following information:
Subject:
- Your details
- Thank you!
- Re: Thank you!
- Re: Details
- Re: Re: My details
- Re: Approved
- Re: Your application
- Re: Wicked screensaver
- Re: That movie
Attachment:
- your_document.pif
- document_all.pif
- thank_you.pif
- your_details.pif
- details.pif
- document_9446.pif
- application.pif
- wicked_scr.scr
- movie0045.pif
Body:
- See the attached file for details
- Please see the attached file for details
Current and up-to-date VirusScan users are protected from this threat.
Learn more about W32/Sobig.f@MM:
==> http://us.mcafee.com/root/campaign.asp?cid=8449
Scan for W32/Sobig.f@MM:
==> http://us.mcafee.com/root/campaign.asp?cid=8450
Elke
___________________________
"When choosing between two evils, I always like to pick the one I never tried before." - Mae West
(This post was edited by N2Futur on Aug 20, 2003, 11:28 AM)
|
Forums Index
Search Posts
Who's Online
Log In or Sign Up
