Date: Tue, 19 Aug 2003 19:58:17 +0200 From: Armand Passelac <apasselac@free.fr> To: Kliment Andreev <klimenta@futurebit.com> Cc: freebsd-questions@freebsd.org Subject: Re: Flood of infected emails Message-ID: <20030819175817.GA3855@freebie.freebsd.org> In-Reply-To: <002201c36668$a729c3f0$ca0110ac@vinyl.tkvbp.com> References: <002301c36666$b530afb0$04fea8c0@moe> <002201c36668$a729c3f0$ca0110ac@vinyl.tkvbp.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Here is the virus description from TrendMicro Labs : We decide to declare a YELLOW ALERT on the malware WORM_SOBIG.F, due to several infection over the world. For reminder here is the short Virus Description: This worm propagates by mass-mailing copies of itself using its own Simple Mail Transfer Protocol (SMTP) engine. It collects email addresses +from files with the following extensions: DBX HLP MHT WAB HTML The email message it sends out contains the following details: Subject: <any of the following:> Re: Thank you! Thank you! Re: Details Re: Re: My details Re: Approved Re: Your application Re: Wicked screensaver Re: That movie Message body: <any of the following:> See the attached file for details. Please see the attached file for details. Attachment: <any of the following:> your_document.pif document_all.pif thank_you.pif your_details.pif details.pif document_9446.pif application.pif wicked_scr.scr movie0045.pif Re: Thank you! It runs on Windows 95, 98, ME, NT,2000, and XP systems. http://www.trendmicro-europe.com To want you have to do, TrendMicro explains everything here : http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBIG.F GOOD LUCK !! [---- On Tue, 19 Aug, 2003 at 11:43, Kliment Andreev wrote: ----] Kliment> Kliment> Kliment> >> Has anyone besides me been receiving a flood of infected emails? Kliment> Kliment> Kliment> I am flooded too. From 8:00AM (EST) till now (11:40AM) I received almost 120 Kliment> of these emails. I am using Norton Antivirus 2003. The attachments were Kliment> purged automatically. According to Kliment> http://www.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html Kliment> this worm will stop 10-Sep. :) Kliment> Kliment> _______________________________________________ Kliment> freebsd-questions@freebsd.org mailing list Kliment> http://lists.freebsd.org/mailman/listinfo/freebsd-questions Kliment> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" [---- End of original mail from Kliment Andreev ----] -- "No guts No glory" =] PASSELAC Armand [= ( @ @ ) Ingenieur Systemes-Reseaux & Securite ORBYTES INGENIERIE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030819175817.GA3855>