Virus Pretends To Come From firstname.lastname@example.org
For full information and tools for removal
W32.Sobig.B@mm is a mass-mailing worm that sends itself to all the email addresses, purporting to have been sent by Microsoft (email@example.com). The worm finds the addresses in the files with the following extensions:
The email message has the following characteristics:
The subject line will be one of the following:
Approved (Ref: 38446-263)
Re: Approved (Ref: 3394-65467)
Re: My details
Re: My application
Message Body: All information is in the attached file.
Attachment: The attachment name will be one
of the following:
The worm de-activates on May 31, 2003, and therefore, the last day on which the worm will spread is May 30, 2003.
Virus definitions dated prior to May 19, 2003 may detect this threat as W32.HLLW.Mankx@mm.
Symantec Security Response has created a tool to remove W32.Sobig.B@mm.
Also Known As: W32.HLLW.Mankx@mm, W32/Palyh@MM [McAfee], W32/Palyh-A [Sophos], I-Worm.Palyh [KAV], WORM_PALYH.A [Trend], Win32.Palyh.A [CA]
Infection Length: 52,898 bytes
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Macintosh, OS/2, UNIX, Linux
For full information and tools for removal see..