W32/Sobig.f@MM (High Risk)
A new variant of W32/Sobig, W32/Sobig.f@MM is a High Risk mass-mailing worm. It arrives as an email attachment with a .pif or .scr extension. When run, it infects the host computer, then emails itself (using its own SMTP engine) to harvested email addresses from the victim's machine.

In addition, when it propagates, the worm "spoofs" the "from: field", using one of the harvested email addresses. So exercise care when opening emails with attachments. An infected email can come from addresses you recognize.

Because it sends so many emails, a worm like Sobig also saps bandwidth and slows network performance. Worse, it can also open up a user's computer port, making it vulnerable to hackers, who can plant dangerous Trojans. These malicious programs often let unauthorized users remotely take over a system, steal personal information or use the infected PC to send spam.

What are the common subject lines, attachment names and message content associated with W32/Sobig.f@MM emails?
Subject:
  • Your details
  • Thank you!
  • Re: Thank you!
  • Re: Details
  • Re: Re: My details
  • Re: Approved
  • Re: Your application
  • Re: Wicked screensaver
  • Re: That movie
  • Re: That movie
Attachment:
  • your_document.pif
  • document_all.pif
  • thank_you.pif
  • your_details.pif
  • details.pif
  • document_9446.pif
  • application.pif
  • wicked_scr.scr
  • movie0045.pif
Body:
  • See the attached file for details
  • Please see the attached file for details
How do you know if you've been infected?
The worm copies itself onto an infected machine as:

C:\WINNT\WINPPR32.EXE

How do you clean your system if it's already infected?
Download McAfee Stinger. A stand-alone utility used to detect and remove specific viruses, it is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system.
How do you prevent future attacks?
Update your anti-virus software. Always ensure your virus definition DAT files are current. If you do not own anti-virus software, order McAfee VirusScan here.
Looking for more information about the worm?
For a more detailed description of Sobig and its characteristics, visit the Virus Profile page.
New Users: Get Protected Now
   Buy VirusScan
   Buy McAfee Personal Firewall Plus
Existing Users: Make Sure Your Protection Is Up to Date
   Update VirusScan
   Update Personal Firewall Plus

Advertisement