[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
UPDATE from Symantac page RE: [at-l] OT New Virus Threat
- Subject: UPDATE from Symantac page RE: [at-l] OT New Virus Threat
- From: nealb at midlandstech.com (William Neal)
- Date: Mon May 26 09:27:13 2003
I did not identify the virus by any coding. I never remember those. I do
remember that one of the "catch" lines had it as being from Microsoft;
apparently from their tech dept. Our IRM manger told us that it was not
from Microsoft; apparently they checked directly with MS. But I have seen
that or similar warnings from other places. So if you get anything from the
Big MS, check with them before opening it.
Also, this came from a Symantec page (they make NORTON) To check for your
self go to
http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.b@mm.html
SYMANTEC PAGE
W32.Sobig.B@mm is a mass-mailing worm that sends itself to all the email
addresses, purporting to have been sent by Microsoft
(support@microsoft.com). The worm finds the addresses in the files with the
following extensions:
.wab
.dbx
.htm
.html
.eml
.txt
Email Routine Details
The email message has the following characteristics:
From: support@microsoft.com
Subject: The subject line will be one of the following:
Your details
Approved (Ref: 38446-263)
Re: Approved (Ref: 3394-65467)
Your password
Re: My details
Screensaver
Cool screensaver
Re: Movie
Re: My application
Message Body: All information is in the attached file.
Attachment: The attachment name will be one of the following:
your_details.pif
ref-394755.pif
approved.pif
password.pif
doc_details.pif
screen_temp.pif
screen_doc.pif
movie28.pif
application.pif
NOTES:
The worm de-activates on May 31, 2003, and therefore, the last day on which
the worm will spread is May 30, 2003.
Virus definitions dated prior to May 19, 2003 may detect this threat as
W32.HLLW.Mankx@mm.
Symantec Security Response has created a tool to remove W32.Sobig.B@mm.
-----Original Message-----
From: L. Clayton Parker [mailto:lparker@cacaphony.net]
Sent: Monday, May 26, 2003 8:38 AM
To: plodder@juno.com; nealb@midlandstech.com
Cc: richehli@optonline.net; at-l@mailman.backcountry.net
Subject: RE: [at-l] OT New Virus Threat
Funny, but VirusScan deletes several of those a week from my mail. Better
search again...
Lee I Joe
> -----Original Message-----
> From: at-l-bounces@mailman.backcountry.net
> [mailto:at-l-bounces@mailman.backcountry.net]On Behalf Of
> plodder@juno.com
> Sent: Monday, May 26, 2003 7:25 AM
> To: nealb@midlandstech.com
> Cc: richehli@optonline.net; at-l@mailman.backcountry.net
> Subject: RE: [at-l] OT New Virus Threat
>
>
>
> I just searched http://www.symantec.com/avcenter/ which is
> Norton's site and found no such thing listed.
> Plodder
>
> --- William Neal <nealb@midlandstech.com> wrote:
>
> of new worm called
> *W32/Sobig.b[at]MM* first identified 5/18.
>
>
>
>
> ________________________________________________________________
> The best thing to hit the internet in years - Juno SpeedBand!
> Surf the web up to FIVE TIMES FASTER!
> Only $14.95/ month - visit www.juno.com to sign up today!
> _______________________________________________
> at-l mailing list
> at-l@mailman.backcountry.net
> http://mailman.hack.net/mailman/listinfo/at-l