W32.Sobig.F@mm upgraded to Level 4 (severe)

Friday, 22 August 2003, 3:50 pm
Press Release: Symantec

Symantec Security Response continues to monitor Sobig.F. With the payload set to trigger today - Friday, Aug. 22 (Backdoor Trojan), Symantec Security Response has upgraded the threat to a level 4 on a scale of 1-5, with five being the most serious.

To help put this threat in perspective, the following may be of use to you:

· Klez.H -- At its peak, Symantec Security Response recorded 4,516 submissions per day. This threat peaked two weeks after it was discovered.

· BugBear.B -- At its peak, Symantec Security Response recorded 4,812 submissions per day. This threat peaked two days after it was discovered.

· BadTrans -- At its peak, Symantec Security Response received 3,709 submissions per day. This threat peaked seven days after it was discovered

"While Blaster and Welchia primarily impacted large enterprises, Sobig.F is predominately affecting consumers and small businesses," said Richard Batchelar, Country Manager, Symantec New Zealand. "Computer users should be reminded of computer security best practices and should not open attachments unless they are expecting them."

W32.Sobig.F@mm is a mass-mailing, network-aware worm that sends itself to all the email addresses that it finds in the files with the following extensions:

.dbx
.eml
.hlp
.htm
.html
.mht
.wab
.txt

The worm utilises it's own SMTP engine to propagate and will attempt to create a copy of itself on accessible network shares. The email will have a Spoofed address (which means that the sender in the "From" field is most likely not the real sender). The worm may use the address admin@internet.com as the sender.

Advertisement - scroll to continue reading

The worm has a payload which outlines that according to UTC time, the day of the week must be Friday or Sunday and the time of day must be between 7pm and 10pm UTC (making it 7am to 10am on Saturday or Monday in New Zealand). During the payload, the author of the virus may download various files - including confidential information such as passwords. The author can also set up spam relay servers on infected computers and send out information to an undefined address. The virus deactivates on September 10, 2003. The worm de-activates on September 10, 2003. The last day on which the worm will spread is September 9, 2003.

Additional technical details and a removal tool for this worm may be found at - http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html

Although Symantec Security Response is receiving approximately 1,800 submissions per day, Symantec's experts are not seeing the level of activities of past threats.

ENDS

Advertisement - scroll to continue reading

Did you know Scoop has an Ethical Paywall?

If you're using Scoop for work, your organisation needs to pay a small license fee with Scoop Pro. We think that's fair, because your organisation is benefiting from using our news resources. In return, we'll also give your team access to pro news tools and keep Scoop free for personal use, because public access to news is important!

Go to Scoop Pro Find out more

Find more from Symantec on InfoPages.

Business Headlines | Sci-Tech Headlines

BUSINESS, SCIENCE & TECH

Business Canterbury: Urges Council To Cut Costs, Not Ambition For City

The Business Canterbury submission addresses concerns over a 'rates hump' and the need for the Council to maintain affordability while managing cost pressures.

Wellington Airport: On Track For Net Zero Emissions By 2028

This progress is a highlight of the airport’s annual Kaitiakitanga report released today, outlining efforts to support the environment, people and communities.

Landcare Research: ANZAC Gall Fly Release Promises Natural Solution To Weed Threat

A Kiwi-Australian collaboration with a difference is underway this ANZAC Day week on Bikini Atoll in the Marshall Islands. The Chief of Quarantine in the Marshall Islands, Ms Silver Wase, says chromolaena was identified as a top priority for the Marshall Islands at a stakeholder workshop held in the country in December 2022.

NZ Anti-Vivisection Society: Auckland Rat Lovers Unite!

On World Day for Animals in Labs, NZAVS is launching a new program to rehome rats bred or used for science with the University of Auckland.

University of Canterbury: $1.35 Million Grant To Study Lion-like Jumping Spiders

A University of Canterbury animal behaviour expert is part of a global team launching pioneering research into the predatory behaviour of jumping spiders.

Federated Farmers: Government Ends War On Farming

Today’s changes to unworkable and expensive regulations mark the end of the war on farming, says Federated Farmers freshwater spokesperson Colin Hurst. "These impractical rules have been a complete nightmare since the day they were introduced and farmers will be pleased to see the back of them," Hurst says.

Join Scoop Pro

Submit News

Become a Member