Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search


W32.Sobig.F@mm upgraded to Level 4 (severe)

Symantec Security Response continues to monitor Sobig.F. With the payload set to trigger today - Friday, Aug. 22 (Backdoor Trojan), Symantec Security Response has upgraded the threat to a level 4 on a scale of 1-5, with five being the most serious.

To help put this threat in perspective, the following may be of use to you:

· Klez.H -- At its peak, Symantec Security Response recorded 4,516 submissions per day. This threat peaked two weeks after it was discovered.

· BugBear.B -- At its peak, Symantec Security Response recorded 4,812 submissions per day. This threat peaked two days after it was discovered.

· BadTrans -- At its peak, Symantec Security Response received 3,709 submissions per day. This threat peaked seven days after it was discovered

"While Blaster and Welchia primarily impacted large enterprises, Sobig.F is predominately affecting consumers and small businesses," said Richard Batchelar, Country Manager, Symantec New Zealand. "Computer users should be reminded of computer security best practices and should not open attachments unless they are expecting them."

W32.Sobig.F@mm is a mass-mailing, network-aware worm that sends itself to all the email addresses that it finds in the files with the following extensions:


The worm utilises it's own SMTP engine to propagate and will attempt to create a copy of itself on accessible network shares. The email will have a Spoofed address (which means that the sender in the "From" field is most likely not the real sender). The worm may use the address as the sender.

The worm has a payload which outlines that according to UTC time, the day of the week must be Friday or Sunday and the time of day must be between 7pm and 10pm UTC (making it 7am to 10am on Saturday or Monday in New Zealand). During the payload, the author of the virus may download various files - including confidential information such as passwords. The author can also set up spam relay servers on infected computers and send out information to an undefined address. The virus deactivates on September 10, 2003. The worm de-activates on September 10, 2003. The last day on which the worm will spread is September 9, 2003.

Additional technical details and a removal tool for this worm may be found at -

Although Symantec Security Response is receiving approximately 1,800 submissions per day, Symantec's experts are not seeing the level of activities of past threats.


© Scoop Media

Business Headlines | Sci-Tech Headlines


ScoopPro: Helping PR Professionals Get More Out Of Scoop has been a fixture of New Zealand’s news and Public Relations infrastructure for over 18 years. However, without the financial assistance of those using Scoop in a professional context in key sectors such as Public Relations and media, Scoop will not be able to continue this service... More>>

Insurance: 2017 Worst Year On Record For Weather-Related Losses

The Insurance Council of New Zealand (ICNZ) announced today that 2017 has been the most expensive year on record for weather-related losses, with a total insured-losses value of more than $242 million. More>>


Crown Accounts: Govt Books In Line With Forecasts

The Government’s financial statements for the four months to 31 October indicate the books are tracking along with Treasury’s Budget forecasts, Finance Minister Grant Robertson says. More>>


Expert Reaction: Ross Sea Region Marine Protected Area In Force

Sweeping new protections for Antarctica's Ross Sea will come into effect on Friday 1 December. After five years of debate, the marine protected area (MPA) was agreed in 2016 after a joint proposal by New Zealand and the United States... More>>