[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: W32.Sobig.E at mm



I suppose we can.
 
My anti-virus filters the messages and only sends me a notification of the same. I beleive it would be a good idea for the operator of the mailing list - uol.co.ug - to check incoming and outgoing e-mail for viruses.
 
This way, if there's a virus, all we get from the afnog.org MX is a notification that "this e-mail was infected with this virus e.t.c et.c, and not the actual infected e-mail itself.
 
Regards,

Mark Tinka - CCNA
Network Engineer, Africa Online Uganda

-----Original Message-----
From: owner-afnog at afnog.org [mailto:owner-afnog at afnog.org] On Behalf Of Ndungu Kahindo
Sent: Monday, July 07, 2003 9:22 AM
To: afnog at afnog.org
Subject: W32.Sobig.E at mm

I noticed that an email sent to this list had this virus.  The attachment was Your_details.zip.  Below are the details from the Symantec site.  Is there any way we can have these emails checked for viruses before they are sent to this list.  I have also noticed some unsolicited mails of late. 

Kahindo

 

Due to an increased rate of submissions, Symantec Security Response has upgraded this threat to a Category 3 from a Category 2.

W32.Sobig.E at mm is a mass-mailing, network-aware worm that sends itself to all the email addresses that it finds in the files with the following extensions:


The email falsely purports that Yahoo sent it (support at yahoo.com).

Email Routine Details
The email message has the following characteristics:

From: support at yahoo.com (NOTE: W32.Sobig.E at mm spoofs this field. It could be any address.)

Subject: The subject line will be one of the following:
Attachment: The attachment name will be one of the following:
NOTE: The worm de-activates on July 14, 2003, and therefore, the last day on which the worm will spread is July 13, 2003.

Symantec Security Response has created a tool to remove W32.Sobig.E at mm.

Also Known As: Win32.Sobig.E [CA], W32/Sobig-E [Sophos], W32/Sobig.e at MM [McAfee], WORM_SOBIG.E [Trend], I-Worm.Sobig.e [KAV]
Type: Worm
Infection Length: 82,195 bytes (zip file), 86,528 bytes (executable)
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Macintosh, OS/2, UNIX, Linux