I noticed that an email sent to this list had
this virus. The attachment was Your_details.zip. Below are the details from the Symantec site.
Is there any way we can have these emails checked for viruses before they
are sent to this list. I have also noticed some unsolicited mails of
late.
Kahindo
Due to an increased rate of
submissions, Symantec Security Response has upgraded this threat to a Category 3
from a Category 2.
W32.Sobig.E at mm is a mass-mailing, network-aware worm that sends itself to all
the email addresses that it finds in the files with the following extensions:
- .wab
- .dbx
- .htm
- .html
- .eml
- .txt
The email falsely purports that Yahoo sent it
(support at yahoo.com).
Email Routine DetailsThe email message
has the following characteristics:
From: support at yahoo.com
(
NOTE: W32.Sobig.E at mm spoofs this field. It could be any
address.)
Subject: The subject line will be one of the following:
- Re: Application
- Re: Movie
- Re: Movies
- Re: Submitted
- Re: ScRe:ensaver
- Re: Documents
- Re: Re: Application ref 003644
- Re: Re: Document
- Your application
- Application.pif
- Applications.pif
- movie.pif
- Screensaver.scr
- submited.pif
- new document.pif
- Re: document.pif
- 004448554.pif
- Referer.pif
Attachment: The attachment name will be
one of the following:
- Your_details.zip (contains Details.pif)
- Application.zip (contains Application.pif)
- Document.zip (contains Document.pif)
- Screensaver.zip (contains Sky.world.scr)
- Movie.zip (contains Movie.pif)
NOTE: The worm
de-activates on July 14, 2003, and therefore, the last day on which the worm
will spread is July 13, 2003.
Symantec Security Response has created a
tool
to remove W32.Sobig.E at mm.
Also Known
As: Win32.Sobig.E [CA], W32/Sobig-E [Sophos], W32/Sobig.e at MM [McAfee],
WORM_SOBIG.E [Trend], I-Worm.Sobig.e [KAV]
Type: Worm
Infection
Length: 82,195 bytes (zip file), 86,528 bytes (executable)
Systems
Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP,
Windows Me
Systems
Not Affected: Macintosh, OS/2, UNIX, Linux