Scoop has an Ethical Paywall
Work smarter with a Pro licence Learn More

Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search

 

W32.Sobig.F@mm – Upgraded To Level 3 Threat

Wednesday, 20 August 2003, 3:18 pm
Press Release: Symantec

Symantec Security Response - W32.Sobig.F@mm - Level 3 threat

W32.Sobig.F@mm

Due to the number of submissions received from customers, Symantec Security Response has upgraded this threat to a Category 3 (moderate) from a Category 2 threat. This worm is mostly affecting the consumer user. Symantec Security Response expects that this worm will continue to spread at a steady pace for the next 2-3 days. W32.Sobig.F@mm is a mass-mailing, network-aware worm that sends itself to all the email addresses that it finds in the files with the following extensions:

.dbx
.eml
.hlp
.htm
.html
.mht
.wab
.txt

The worm utilises it's own SMTP engine to propagate and will attempt to create a copy of itself on accessible network shares. The email will have a Spoofed address (which means that the sender in the "From" field is most likely not the real sender). The worm may use the address admin@internet.com as the sender.


* Re: Details
* Re: Approved
* Re: Re: My details
* Re: Thank you!
* Re: That movie
* Re: Wicked screensaver
* Re: Your application
* Thank you!
* Your details

Body:
* See the attached file for details
* Please see the attached file for details.

Attachment:
* your_document.pif
* document_all.pif
* thank_you.pif
* your_details.pif
* details.pif
* document_9446.pif
* application.pif
* wicked_scr.scr
* movie0045.pif


NOTE: The worm de-activates on September 10, 2003. The last day on which the worm will spread is September 9, 2003.

Advertisement - scroll to continue reading

Are you getting our free newsletter?

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.

Definitions for this worm were posted via LiveUpdate and Intelligent Updater on August 19th. Additional technical details and a removal tool for this worm may be found at - http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html

W32.Welchia.Worm Update

Current Submission numbers - 305 total, 42 corporate.

Because W32.Welchia.Worm and W32.Blaster.Worm use the same vulnerability, DeepSight cannot differentiate the infections at this time. (Total number of infected systems for both these worms is currently 630,000.) Symantec Security Response has received confirmation that large enterprise customers are still being impacted greatly by this worm internally. The clean-up period will be at least weeks to months before systems are repaired.


© Scoop Media

Advertisement - scroll to continue reading

Did you know Scoop has an Ethical Paywall?

If you're using Scoop for work, your organisation needs to pay a small license fee with Scoop Pro. We think that's fair, because your organisation is benefiting from using our news resources. In return, we'll also give your team access to pro news tools and keep Scoop free for personal use, because public access to news is important!

Go to Scoop Pro Find out more

Find more from Symantec on InfoPages.
 
 
 
Business Headlines | Sci-Tech Headlines

BUSINESS, SCIENCE & TECH


 
work Join Scoop Pro
 
Submit News
 
person_add Become a Member
 
 
 
 
 

InfoPages News Channels

Inventory Management
 
 

LATEST HEADLINES

  • BUSINESS
  • SCI-TECH
 
 
 

Join Our Free Newsletter

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.