Web Hosting Forum | Lunarpages


*
Welcome, Guest. Please login or register.
Did you miss your activation email?


Login with username, password and session length
May 24, 2012, 09:30:14 AM

Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: New Worm  (Read 373 times)
TWebMan
Quantum Encyclopedia Writer
*****
Offline Offline

Posts: 3112



WWW
« on: June 25, 2003, 05:54:49 PM »
This from Trend:

WORM_SOBIG.E

This nondestructive worm propagates via network shares and via email
using its own SMTP (Simple Mail Transfer Protocol) engine. It gathers
its target email addresses from files with WAB, DBX, HTM, HTML, EML and TXT
file extensions.

The email message has varying subjects, and has a messsage body that
states "Please see attached file." It also contains a ZIP file attachment
with the file name Your_details.zip. This ZIP file contains the copy of
the worm with the filename DETAILS.PIF.
Logged
"Computers cause people to make more mistakes than any other invention in history, with the possible exception of handguns and tequila."  - Unknown
"Liberty of any kind is seldom lost all at once." - D. Hume
Every day is an Ode to Joy
The planet will be fine... and so will your site
snickn
Jabba the Hutt
*****
Offline Offline

Posts: 552


WWW
« Reply #1 on: June 26, 2003, 08:31:52 AM »
To add to that, here's a website describing Sobig, I've received 5-10 emails from it myself, so it's out in full force:

http://vil.nai.com/vil/content/v_100429.htm
Logged
kwdavids
Galactic Royalty
*****
Offline Offline

Posts: 324



WWW
« Reply #2 on: August 22, 2003, 10:42:43 AM »
I note that Spam Assassin is scoring emails with the SoBig worm somewhere in the 6.4 to 7 range (our cutoff is 7.5). I'm was going to tinker with the Spam Assassin rules to see if I could filter it out.

However, I noticed that 12:01 local time, all of the SoBig emails stopped including an attachment. Based on what I read on the Symantec site about SoBig shutting down the day after it stops infection (which they say is Sept 5), my guess is that it will shut down tomorrow.
Logged
Kevin
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to: