W32.Sobig.F@mm – Upgraded To Level 3 Threat

Wednesday, 20 August 2003, 3:18 pm
Press Release: Symantec

Symantec Security Response - W32.Sobig.F@mm - Level 3 threat

W32.Sobig.F@mm

Due to the number of submissions received from customers, Symantec Security Response has upgraded this threat to a Category 3 (moderate) from a Category 2 threat. This worm is mostly affecting the consumer user. Symantec Security Response expects that this worm will continue to spread at a steady pace for the next 2-3 days. W32.Sobig.F@mm is a mass-mailing, network-aware worm that sends itself to all the email addresses that it finds in the files with the following extensions:

.dbx
.eml
.hlp
.htm
.html
.mht
.wab
.txt

The worm utilises it's own SMTP engine to propagate and will attempt to create a copy of itself on accessible network shares. The email will have a Spoofed address (which means that the sender in the "From" field is most likely not the real sender). The worm may use the address admin@internet.com as the sender.

* Re: Details
* Re: Approved
* Re: Re: My details
* Re: Thank you!
* Re: That movie
* Re: Wicked screensaver
* Re: Your application
* Thank you!
* Your details

Body:
* See the attached file for details
* Please see the attached file for details.

Attachment:
* your_document.pif
* document_all.pif
* thank_you.pif
* your_details.pif
* details.pif
* document_9446.pif
* application.pif
* wicked_scr.scr
* movie0045.pif

NOTE: The worm de-activates on September 10, 2003. The last day on which the worm will spread is September 9, 2003.

Advertisement - scroll to continue reading

Definitions for this worm were posted via LiveUpdate and Intelligent Updater on August 19th. Additional technical details and a removal tool for this worm may be found at - http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html

W32.Welchia.Worm Update

Current Submission numbers - 305 total, 42 corporate.

Because W32.Welchia.Worm and W32.Blaster.Worm use the same vulnerability, DeepSight cannot differentiate the infections at this time. (Total number of infected systems for both these worms is currently 630,000.) Symantec Security Response has received confirmation that large enterprise customers are still being impacted greatly by this worm internally. The clean-up period will be at least weeks to months before systems are repaired.

Advertisement - scroll to continue reading

Are you licensed for Scoop?

Scoop is free for personal use, but you’ll need a licence for work use. This is part of our Ethical Paywall and how we fund Scoop without a regular paywall. Join today with plans starting from just $11 per month, and start using Scoop like a Pro.

Join Pro Individual Find out more

Find more from Symantec on InfoPages.

Business Headlines | Sci-Tech Headlines

BUSINESS, SCIENCE & TECH

NZAS: New Zealand Association Of Scientists Awards Celebrate The Achievements Of Scientists And Our Science System

This year’s awards demonstrate the range of value and impact that individual scientists bring to science in Aotearoa NZ. It has been an extraordinarily difficult year for science and scientists in Aotearoa NZ, and it is important to remember that we have outstanding, world-leading work being done here which underpins our society, economy, and communities of learning.

Stats NZ: Retail Spending Flat In The September 2024 Quarter

The total volume of retail sales in New Zealand decreased by 0.1 percent in the September 2024 quarter compared with the June 2024 quarter, according to figures released by Stats NZ.

Antarctica New Zealand: International Team Launch Second Attempt To Drill Deep For Antarctic Climate Clues

Kiwi climate researchers are part of an ambitious mission to recover critical geological records to help forecast future sea-level rise. The first team members have embarked on a 1128 km journey across the Ross Ice Shelf to set up camp on edge of the West Antarctic Ice Sheet.