[Table of Contents] [Search]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [BKARTS] Your details

Mindy, some useful context for "Your details," etc. from Symantec.

Due to the number of submissions received from customers, Symantec
Security Response has upgraded this threat to a Category 3 from a Category
2 threat.
W32.Sobig.F@mm is a mass-mailing, network-aware worm that sends itself to
all the email addresses it finds in the files with the following

  a.. .dbx
  b.. .eml
  c.. .hlp
  d.. .htm
  e.. .html
  f.. .mht
  g.. .wab
  h.. .txt

The worm uses its own SMTP engine to propagate and will attempt to create
a copy of itself on accessible network shares.

Email Routine Details
The email message has the following characteristics:

From: Spoofed address (which means that the sender in the "From" field is
most likely not the real sender).
The worm may use the address admin@xxxxxxxxxxxx as the sender.

  a.. Re: Details
  b.. Re: Approved
  c.. Re: Re: My details
  d.. Re: Thank you!
  e.. Re: That movie
  f.. Re: Wicked screensaver
  g.. Re: Your application
  h.. Thank you!
  i.. Your details

  a.. See the attached file for details
  b.. Please see the attached file for details.

  a.. your_document.pif
  b.. document_all.pif
  c.. thank_you.pif
  d.. your_details.pif
  e.. details.pif
  f.. document_9446.pif
  g.. application.pif
  h.. wicked_scr.scr
  i.. movie0045.pif

NOTE: The worm de-activates on September 10, 2003. The last day on which
the worm will spread is September 9, 2003.

Symantec Security Response has developed a removal tool to clean the
infections of W32.Sobig.F@mm.

      Also Known As:  Sobig.F [F-Secure], W32/Sobig.f@MM [McAfee], WORM
SOBIG.F [Trend]

      Type:  Worm
      Infection Length:  about 72,000 bytes

      Systems Affected:  Windows 2000, Windows 95, Windows 98, Windows Me,
Windows NT, Windows XP
      Systems Not Affected:  Linux, Macintosh, OS/2, UNIX, Windows 3.x

            a.. Beta Virus Definitions
           August 18, 2003

            a.. Virus Definitions (Intelligent Updater) *
           August 19, 2003

            a.. Virus Definitions (LiveUpdate) **
           August 19, 2003

On Thu, 21 Aug 2003, mbelloff, IntimaPress wrote:

> I've been getting non-stop spamming the past 24 hours.  I just
>received an e-mail titled "Your details" from Book Arts List with a
>98K attachment that had a virus detected (I did not open it, of
>course).  Is anyone having the same problems and know of any
> BOOK_ARTS-L@xxxxxxxxxxxxxxxx wrote:
> mindy belloff ~ http://www.IntimaPress.com

     *Postings may not be re-printed in any form without the express
     consent of the author - Please respect their contributions & *

            BOOK_ARTS-L: The listserv for all the book arts.
      For subscription information, the Archive, and other related
            resources and links go to the Book_Arts-L FAQ at:

        Archive maintained and suppported by Conservation OnLine

[Subject index] [Index for current month] [Table of Contents] [Search]