INDEPENDENT NEWS

W32.Sobig.F@mm – Upgraded To Level 3 Threat

By: Symantec
Published: Wed 20 Aug 2003 03:18 PM
Symantec Security Response - W32.Sobig.F@mm - Level 3 threat
W32.Sobig.F@mm
Due to the number of submissions received from customers, Symantec Security Response has upgraded this threat to a Category 3 (moderate) from a Category 2 threat. This worm is mostly affecting the consumer user. Symantec Security Response expects that this worm will continue to spread at a steady pace for the next 2-3 days. W32.Sobig.F@mm is a mass-mailing, network-aware worm that sends itself to all the email addresses that it finds in the files with the following extensions:
.dbx
.eml
.hlp
.htm
.html
.mht
.wab
.txt
The worm utilises it's own SMTP engine to propagate and will attempt to create a copy of itself on accessible network shares. The email will have a Spoofed address (which means that the sender in the "From" field is most likely not the real sender). The worm may use the address admin@internet.com as the sender.
* Re: Details
* Re: Approved
* Re: Re: My details
* Re: Thank you!
* Re: That movie
* Re: Wicked screensaver
* Re: Your application
* Thank you!
* Your details
Body:
* See the attached file for details
* Please see the attached file for details.
Attachment:
* your_document.pif
* document_all.pif
* thank_you.pif
* your_details.pif
* details.pif
* document_9446.pif
* application.pif
* wicked_scr.scr
* movie0045.pif
NOTE: The worm de-activates on September 10, 2003. The last day on which the worm will spread is September 9, 2003.
Definitions for this worm were posted via LiveUpdate and Intelligent Updater on August 19th. Additional technical details and a removal tool for this worm may be found at - http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html
W32.Welchia.Worm Update
Current Submission numbers - 305 total, 42 corporate.
Because W32.Welchia.Worm and W32.Blaster.Worm use the same vulnerability, DeepSight cannot differentiate the infections at this time. (Total number of infected systems for both these worms is currently 630,000.) Symantec Security Response has received confirmation that large enterprise customers are still being impacted greatly by this worm internally. The clean-up period will be at least weeks to months before systems are repaired.

Next in Business, Science, and Tech

Business Canterbury Urges Council To Cut Costs, Not Ambition For City
By: Business Canterbury
The Business Canterbury submission addresses concerns over a 'rates hump' and the need for the Council to maintain affordability while managing cost pressures.
Wellington Airport On Track For Net Zero Emissions By 2028
By: Wellington Airport Limited
This progress is a highlight of the airport’s annual Kaitiakitanga report released today, outlining efforts to support the environment, people and communities.
ANZAC Gall Fly Release Promises Natural Solution To Weed Threat
By: Landcare Research
A Kiwi-Australian collaboration with a difference is underway this ANZAC Day week on Bikini Atoll in the Marshall Islands.
Auckland Rat Lovers Unite!
By: NZ Anti-Vivisection Society
On World Day for Animals in Labs, NZAVS is launching a new program to rehome rats bred or used for science with the University of Auckland.
$1.35 Million Grant To Study Lion-like Jumping Spiders
By: University of Canterbury
A University of Canterbury animal behaviour expert is part of a global team launching pioneering research into the predatory behaviour of jumping spiders.
Government Ends War On Farming
By: Federated Farmers
The changes to unworkable and expensive regulations mark the end of the war on farming, says Colin Hurst from Federated Farmers. Federated Farmers strongly believe that winter grazing, stock exclusion and on-farm biodiversity can be better managed through ...
View as: DESKTOP | MOBILE
Scoop Contact About Services Newsagent Login
Connect Submit News Social Media Scoop Network
Ethical Paywall Accredited Orgs. Licensing Terms of Use
© Scoop Media