| Home | About Us | Products | Support | Downloads | Resellers | Links |
|
|
|
||||||||
|
|
|||||||||
|
|||||||||
Inter Engineering and F-Secure,
leaders in the combat against computer viruses, warn computer users
about the new worm named Sobig C (variant of Palyh also known as Sobig
B)
The worm first appeared on 31 May and has gone worldwide in one day
with a still increasing number of reported infections.
Sobig C is a massmailer e-mail worm which also spreads through Windows
network shares.
It sends out email messages with an infected attachment,
pretending to come from various addresses e.g. bill@microsoft.com.
The user has to click on the attachment to become infected.
The worm will stop spreading if the computers date is set to 8 June
2003 or later.
The worm sends out e-mails which seem to come from various addresses.
It locates these addresses by searching in the infected computer.
Thus if an infected e-mail is received that doesn't mean that the
sender is infected too.
It searches for e-mail addresse in the following files:
.wab
.dbx
.htm
.html
.eml
.txt
As well, error messages might be received, as if the user had sent an infected message from his/her computer. This is a result of the worm sending itself from faked addresses to erroneous ones. The user whose address has been faked will received this errors. Those messages can be safely ignored.
The worm tries to copy itself to these folders:
Windows\All Users\Start Menu\Programs\Startup\
Documents and Settings\All Users\Start Menu\Programs\Startup
In addition it tries to download updates for itseld
by several Geocites URLs. All of these URLs are now closed.
The Worm creates several types of messages
These are the different versions of the e-mails:
Subject:
Re: Screensaver
Re: Movie
Re: Submited (004756-3463)
Re: 45443-343556
Re: Approved
Approved
Re: Your application
Re: Application
Message Body:
Please see the attached file.
Attached file name:
screensaver.scr
movie.pif
submited.pif
45443.pif
documents.pif
approved.pif
application.pif
document.pif
Users are advised to keep their Anti Virus software enabled and
updated. F-Secure Anti-Virus detects Sobig C worm with the updates
published on June 1st, 2003.
About Inter Engineering
Inter Engineering is one of the few companies specialized in Data Security. Since 1992 the company is active in the protection against computer viruses and has since then extended its activities with strong cryptography, access control, copy protection, biometrics and data recovery. The Company cooperates closely with leading providers globally and contributes actively to research and development. Also close relationships with scientific organizations are maintained. Thus Inter Engineering is able to provide consultancy and solutions for almost any Data Security issue.
To contact us: Inter Engineering
P.O. Box 1626
410 02 Larissa, Greece
Tel. +30.2410.670030
Fax. +30.2410.670006
Email: sales@inter.gr