W32/Sobig.f@MM
W32/Sobig.f@MM, a new variant of W32/Sobig, is a High Risk mass-mailing worm. It arrives as an email attachment with a .pif or .scr extension. When run, it infects the host computer, then uses its own SMTP engine to email itself to addresses harvested from the victim's machine.
In addition, when it propagates, the worm spoofs the "From:" field, using one of the harvested email addresses. So exercise care when opening emails with attachments: an infected email can appear to come from an address you recognize.
Because it sends so many emails, a worm like Sobig also saps bandwidth and slows network performance. Worse, it can also open a port on the user's computer, making it vulnerable to hackers, who can plant dangerous Trojans. These malicious programs often let unauthorized users remotely take over a system, steal personal information or use the infected PC to send spam.
What are the common subject lines, attachment names and message content associated with W32/Sobig.f@MM emails?
Subject:
Your details
Thank you!
Re: Thank you!
Re: Details
Re: Re: My details
Re: Approved
Re: Your application
Re: Wicked screensaver
Re: That movie
Attachment:
your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif
Body:
See the attached file for details
Please see the attached file for details
How do you know if you've been infected?
The worm copies itself onto an infected machine as:
C:\WINNT\WINPPR32.EXE