Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 19 Aug 2003 19:58:17 +0200
From:      Armand Passelac <apasselac@free.fr>
To:        Kliment Andreev <klimenta@futurebit.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Flood of infected emails
Message-ID:  <20030819175817.GA3855@freebie.freebsd.org>
In-Reply-To: <002201c36668$a729c3f0$ca0110ac@vinyl.tkvbp.com>
References:  <002301c36666$b530afb0$04fea8c0@moe> <002201c36668$a729c3f0$ca0110ac@vinyl.tkvbp.com>

next in thread | previous in thread | raw e-mail | index | archive | help

Here is the virus description from TrendMicro Labs :

We decide to declare a YELLOW ALERT on the malware WORM_SOBIG.F, due to several infection over the world.
For reminder here is the short Virus Description:
This worm propagates by mass-mailing copies of itself using its own Simple Mail Transfer Protocol (SMTP) engine. It collects email addresses
+from files with the following extensions:
DBX
HLP
MHT
WAB
HTML
The email message it sends out contains the following details:
Subject: <any of the following:>
Re: Thank you!
Thank you!
Re: Details
Re: Re: My details
Re: Approved
Re: Your application
Re: Wicked screensaver
Re: That movie
Message body: <any of the following:>
See the attached file for details.
Please see the attached file for details.
Attachment: <any of the following:>
your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif
Re: Thank you!
It runs on Windows 95, 98, ME, NT,2000, and XP systems.
http://www.trendmicro-europe.com

To want you have to do, TrendMicro explains everything here :
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBIG.F

GOOD LUCK !!


[---- On Tue, 19 Aug, 2003 at 11:43, Kliment Andreev wrote: ----]
Kliment> 
Kliment> 
Kliment> >> Has anyone besides me been receiving a flood of infected emails?
Kliment> 
Kliment> 
Kliment> I am flooded too. From 8:00AM (EST) till now (11:40AM) I received almost 120
Kliment> of these emails. I am using Norton Antivirus 2003. The attachments were
Kliment> purged automatically. According to
Kliment> http://www.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html
Kliment> this worm will stop 10-Sep. :)
Kliment> 
Kliment> _______________________________________________
Kliment> freebsd-questions@freebsd.org mailing list
Kliment> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
Kliment> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
[---- End of original mail from Kliment Andreev ----]

-- 
"No guts No glory"

=] PASSELAC Armand [=
     (  @ @ )   
Ingenieur Systemes-Reseaux & Securite
ORBYTES INGENIERIE



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030819175817.GA3855>