[Table of Contents] [Search]


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [BKARTS] Your details



Mindy, some useful context for "Your details," etc. from Symantec.


Due to the number of submissions received from customers, Symantec
Security Response has upgraded this threat to a Category 3 from a Category
2 threat.
W32.Sobig.F@mm is a mass-mailing, network-aware worm that sends itself to
all the email addresses it finds in the files with the following
extensions:


  a.. .dbx
  b.. .eml
  c.. .hlp
  d.. .htm
  e.. .html
  f.. .mht
  g.. .wab
  h.. .txt

The worm uses its own SMTP engine to propagate and will attempt to create
a copy of itself on accessible network shares.

Email Routine Details
The email message has the following characteristics:

From: Spoofed address (which means that the sender in the "From" field is
most likely not the real sender).
The worm may use the address admin@internet.com as the sender.

Subject:
  a.. Re: Details
  b.. Re: Approved
  c.. Re: Re: My details
  d.. Re: Thank you!
  e.. Re: That movie
  f.. Re: Wicked screensaver
  g.. Re: Your application
  h.. Thank you!
  i.. Your details

Body:
  a.. See the attached file for details
  b.. Please see the attached file for details.

Attachment:
  a.. your_document.pif
  b.. document_all.pif
  c.. thank_you.pif
  d.. your_details.pif
  e.. details.pif
  f.. document_9446.pif
  g.. application.pif
  h.. wicked_scr.scr
  i.. movie0045.pif

NOTE: The worm de-activates on September 10, 2003. The last day on which
the worm will spread is September 9, 2003.

Symantec Security Response has developed a removal tool to clean the
infections of W32.Sobig.F@mm.

      Also Known As:  Sobig.F [F-Secure], W32/Sobig.f@MM [McAfee], WORM
SOBIG.F [Trend]

      Type:  Worm
      Infection Length:  about 72,000 bytes



      Systems Affected:  Windows 2000, Windows 95, Windows 98, Windows Me,
Windows NT, Windows XP
      Systems Not Affected:  Linux, Macintosh, OS/2, UNIX, Windows 3.x


            a.. Beta Virus Definitions
           August 18, 2003


            a.. Virus Definitions (Intelligent Updater) *
           August 19, 2003


            a.. Virus Definitions (LiveUpdate) **
           August 19, 2003


                  *
On Thu, 21 Aug 2003, mbelloff, IntimaPress wrote:

> I've been getting non-stop spamming the past 24 hours.  I just received an e-mail titled "Your details" from Book Arts List with a 98K attachment that had a virus detected (I did not open it, of course).  Is anyone having the same problems and know of any solution?
>
> BOOK_ARTS-L@LISTSERV.SYR.EDU wrote:
>
>
>
> mindy belloff ~ http://www.IntimaPress.com
>
> ---------------------------------
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free, easy-to-use web site design software
>
>              ***********************************************
>      *Postings may not be re-printed in any form without the express
>      consent of the author - Please respect their contributions & *
>
>             BOOK_ARTS-L: The listserv for all the book arts.
>       For subscription information, the Archive, and other related
>             resources and links go to the Book_Arts-L FAQ at:
>                       <http://www.philobiblon.com>
>
>         Archive maintained and suppported by Conservation OnLine
>                     <http://palimpsest.stanford.edu>
>              ***********************************************
>

             ***********************************************
     *Postings may not be re-printed in any form without the express
     consent of the author - Please respect their contributions & *

            BOOK_ARTS-L: The listserv for all the book arts.
      For subscription information, the Archive, and other related
            resources and links go to the Book_Arts-L FAQ at:
                      <http://www.philobiblon.com>

        Archive maintained and suppported by Conservation OnLine
                    <http://palimpsest.stanford.edu>
             ***********************************************


[Subject index] [Index for current month] [Table of Contents] [Search]