--------------------------------------
VIRUS ADVISORY - W32/Sobig.f@MM
---------------------------------------
A new variant of W32/Sobig, W32/Sobig.f@MM is a High Risk
mass-mailing worm. It arrives as an email attachment with
a .pif or .scr extension. When run, it infects the host
computer, then emails itself (using its own SMTP engine)
to harvested email addresses from the victim's machine.
In addition, when it propagates, the worm "spoofs" the
"From:" field, using one of the harvested email addresses.
Note: The worm copies itself onto the infected machine as:
C:\WINNT\WINPPR32.EXE
Caution: An infected email can come from addresses you
recognize and may contain the following information:
Subject:
- Your details
- Thank you!
- Re: Thank you!
- Re: Details
- Re: Re: My details
- Re: Approved
- Re: Your application
- Re: Wicked screensaver
- Re: That movie
Attachment:
- your_document.pif
- document_all.pif
- thank_you.pif
- your_details.pif
- details.pif
- document_9446.pif
- application.pif
- wicked_scr.scr
- movie0045.pif
Body:
- See the attached file for details
- Please see the attached file for details
WARNING! NEW VIRUS
by Nathan Natas, 25 Replies
-
Nathan Natas
-
Big Tex
Great. Just fine. Another virus.
These things are started by people who do not have Enough To Do. Here is my solution: give each virus maker/hacker a shovel and have them dig a ditch from California to New York. When they reach New York, their job will be to turn around and fill the ditch back in.
Then they will finally have Something To Do.
-
drwtsn32
Yeah, this one must be going around like mad. Starting this afternoon and up until now I've received an infected message over 30 times.
-
Nathan Natas
I think the people who write these "viruses" (a more correct term is malware, as in bad software) are people with poorly developed programming skills - "just enough to be dangerous," as they say - who are seeking a feeling of personal power.
In the minds of such people, a person who throws a rock through a window is equal to the carpenter who builds a window.
I'm not as kind-hearted as you, Big Tex - I'd let them dig the trench to California, and then I'd let the Pacific Ocean fill their trench.
-
onacruse
Sheesh! I just updated my AV defs on Saturday, and already there's another 1Meg of new ones.
NN, I don't know if this is the same one as you just posted, but I just got this security alert e-mail from Symantec:
WARNING: W32.Dumaru@mm
Threat level: Category 3, Moderate (scale of 1-5)
Type: Worm
Virus Definitions: August 18, 2003 or later (via LiveUpdate)
What is W32.Dumaru@mm and how does it affect me?
W32.Dumaru@mm is a mass-mailing worm that inserts an IRC Trojan onto the infected machine. The worm gathers email addresses from certain file types and uses its own SMTP engine to email itself.
The email has the following characteristics:
From: "Microsoft" <[email protected]>
Subject: Use this patch immediately!
Message:
Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!
Attachment: patch.exe
This threat is written in the Microsoft C++ programming language and is compressed with UPX.
To read more about the W32.Dumaru@mm, please click here.
What action can I take from here?
Symantec Security Response posted virus definitions to protect against this threat on August 18, 2003 (via LiveUpdate). All users of Norton AntiVirus who do not have up-to-date virus protection should immediately run LiveUpdate for protection from W32.Dumaru@mm.
Virus definitions are available via the LiveUpdate feature in the Norton AntiVirus product or the Symantec Security Response Web site.
Symantec Security Response encourages all Norton AntiVirus users to regularly download virus definitions in order to protect against future threats. For more information on how to run LiveUpdate, please click here.
UPGRADE CUSTOMERS - If you have an older version of Norton AntiVirus and would like to upgrade to Norton AntiVirus 2003, please click here.
NEW CUSTOMERS - If you would like to purchase Norton AntiVirus 2003, please click here.
NOTE THAT THIS WORM FAKES AS A MICROSOFT SECURITY ALERT AND PATCH!
Craig
-
KGB
First of all, make sure you have your virus protector updated; also go to www.ie/microsoftupdates.com and download your patch. Also, I make a fake address and I start it [email protected]. When the virus tries to go through your email address book, it throws itself out, as it cannot send it to that type of email address. "Get it"?
Oh, I start it aaaa because I want it at the top of my address book.
-
Nathan Natas
Geez, Craig, that's ANOTHER new one!
"Flu" season starts early this year, eh?
-
Valis
I got 4 pifs today........but no opening them.... BEWARE!
Sincerely,
District Overbeer
-
drwtsn32
At my work we rarely get viruses. Ever since 2000 or so Microsoft has changed Outlook (note: not Outlook Express) so that it blocks potentially dangerous attachments (exe, pif, scr, vbs files, etc). This has prevented most viruses from ever having a chance to run. One exception is a virus contained in a ZIP file, which one user happened to open.
We also use the corporate version of Symantec AntiVirus to catch anything that might squeak through. In that above example of the ZIP file, we got infected because there is always a small time window between when a virus first gets out into the wild and antivirus companies update their signatures. This one happened to slip through during that window. User training is vital, although it doesn't always work.
Outlook Express 6 has the ability to block dangerous attachments, from what I recall, but I don't use it so I'm not sure.
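The attachment blocking described in the post above, and the ZIP gap it mentions, shown as an added example that is not part of the original thread or any product's code: a Python check that flags the extensions the post names and also looks one level inside ZIP attachments. The function names and the sample messages are constructed for illustration; the subject, body text and file names are taken from the advisory at the top of the thread.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the post above (exe, pif, scr, vbs); its "etc" is not expanded here.
BLOCKED_EXT = {".exe", ".pif", ".scr", ".vbs"}

def _blocked(name):
    """True when the file name ends in a blocked extension (case-insensitive)."""
    name = name.lower().rstrip(". ")  # ignore trailing dots/spaces used to hide the suffix
    return any(name.endswith(ext) for ext in BLOCKED_EXT)

def risky_attachments(raw_message):
    """Return names of blocked attachments, looking one level inside ZIP archives."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if _blocked(name):
            hits.append(name)
        elif name.lower().endswith(".zip"):
            payload = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                    hits += [f"{name}!{m}" for m in zf.namelist() if _blocked(m)]
            except zipfile.BadZipFile:
                # An archive that cannot be inspected is reported, not passed silently.
                hits.append(f"{name}!<unreadable archive>")
    return hits

def build_sample(filename, data):
    """Constructed test message; the attachment bytes are harmless placeholders."""
    m = EmailMessage()
    m["Subject"] = "Re: Details"
    m.set_content("See the attached file for details")
    m.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()

def zip_bytes(member):
    """Constructed ZIP archive holding one placeholder file named `member`."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    print(risky_attachments(build_sample("details.pif", b"placeholder")))
    print(risky_attachments(build_sample("docs.zip", zip_bytes("wicked_scr.scr"))))
    print(risky_attachments(build_sample("notes.txt", b"placeholder")))
```

A filter that only checks the outer file name would pass `docs.zip`; listing the archive members closes that gap for unnested archives.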
-
Mulan
This one is really nasty too!!!
I came home today and had 89 of them in my inbox. After dinner I had 63 more. And I have deleted 36 in the past 5 minutes, so I've gotten about 150 today. My firewall is working overtime.
I really thought I was infected and that was how I was getting them. So glad it isn't true.
NEVER open one of these. And when you delete them, delete the file..............don't let them sit in the delete area.
You might check Outlook too, if you have it on your computer. I always use Outlook Express, but I opened my Outlook program, to check it after a cousin suggested it, and I had over 100 of these same emails in my outbox trying to be sent out as if they were from me. My firewall wasn't allowing it, so they weren't sent. I deleted all of them.