[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UPDATE from Symantac page RE: [at-l] OT New Virus Threat

Subject: UPDATE from Symantac page RE: [at-l] OT New Virus Threat
From: nealb at midlandstech.com (William Neal)
Date: Mon May 26 09:27:13 2003

I did not identify the virus by any coding.  I never remember those.  I do
remember that one of the "catch" lines had it as being from Microsoft;
apparently from their tech dept.  Our IRM manger told us that it was not
from Microsoft; apparently they checked directly with MS.  But I have  seen
that or similar warnings from other places.  So if you get anything from the
Big MS, check with them before opening it.  

Also, this came from a Symantec page (they make NORTON)  To check for your
self go to 

http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.b@mm.html

SYMANTEC PAGE

W32.Sobig.B@mm is a mass-mailing worm that sends itself to all the email
addresses, purporting to have been sent by Microsoft
(support@microsoft.com). The worm finds the addresses in the files with the
following extensions: 

.wab 
.dbx 
.htm 
.html 
.eml 
.txt

Email Routine Details
The email message has the following characteristics:

From: support@microsoft.com

Subject: The subject line will be one of the following: 
Your details 
Approved (Ref: 38446-263) 
Re: Approved (Ref: 3394-65467) 
Your password 
Re: My details 
Screensaver 
Cool screensaver 
Re: Movie 
Re: My application

Message Body: All information is in the attached file.

Attachment: The attachment name will be one of the following: 
your_details.pif 
ref-394755.pif 
approved.pif 
password.pif 
doc_details.pif 
screen_temp.pif 
screen_doc.pif 
movie28.pif 
application.pif

NOTES: 
The worm de-activates on May 31, 2003, and therefore, the last day on which
the worm will spread is May 30, 2003. 
Virus definitions dated prior to May 19, 2003 may detect this threat as
W32.HLLW.Mankx@mm.

Symantec Security Response has created a tool to remove W32.Sobig.B@mm.

-----Original Message-----
From: L. Clayton Parker [mailto:lparker@cacaphony.net]
Sent: Monday, May 26, 2003 8:38 AM
To: plodder@juno.com; nealb@midlandstech.com
Cc: richehli@optonline.net; at-l@mailman.backcountry.net
Subject: RE: [at-l] OT New Virus Threat

Funny, but VirusScan deletes several of those a week from my mail. Better
search again...

Lee I Joe

> -----Original Message-----
> From: at-l-bounces@mailman.backcountry.net
> [mailto:at-l-bounces@mailman.backcountry.net]On Behalf Of
> plodder@juno.com
> Sent: Monday, May 26, 2003 7:25 AM
> To: nealb@midlandstech.com
> Cc: richehli@optonline.net; at-l@mailman.backcountry.net
> Subject: RE: [at-l] OT New Virus Threat
>
>
>
> I just searched http://www.symantec.com/avcenter/ which is
> Norton's site and found no such thing listed.
> Plodder
>
> --- William Neal <nealb@midlandstech.com> wrote:
>
>  of new worm called
> *W32/Sobig.b[at]MM* first identified 5/18.
>
>
>
>
> ________________________________________________________________
> The best thing to hit the internet in years - Juno SpeedBand!
> Surf the web up to FIVE TIMES FASTER!
> Only $14.95/ month - visit www.juno.com to sign up today!
> _______________________________________________
> at-l mailing list
> at-l@mailman.backcountry.net
> http://mailman.hack.net/mailman/listinfo/at-l

Prev by Date: [at-l] tell me, please...
Next by Date: [at-l] Empirical Truth about BACKPACKS!
Prev by thread: [at-l] Tell me, please...
Next by thread: [at-l] Naming Katahdin
Index(es):
- Date
- Thread