We have reports of a new worm, W32/Sobig.A, which is in the wild, i.e. reported to be infecting a good number of computers. The worm arrives as an e-mail attachment and requires the user to run the executable. Once running, it tries to download a backdoor from a specific website.
Subject line: The subject can be one of the below:
Re: Movies
Re: Sample
Re: Document
Re: Here is that sample
Message body: The body of the mail can be empty, or contain a single line:
"Attached file:"
Attachment filename: one of the following:
Movie_0074.mpeg.pif
Document003.pif
Untitled1.pif
Sample.pif
Attachment size: 65,536 bytes
If the user runs the executable, the worm sends infected e-mails to addresses harvested from .txt, .eml, .html, .htm, .dbx and .wab files on disk. W32/Sobig.A uses its own SMTP routines for propagation, so it does not depend on the user's mail client.
Severity: High. The worm has a high distribution rate and installs a backdoor on the infected system.
Avoidance Action: Make sure your virus definition files are up to date. Block all incoming and outgoing .pif files at the mail gateway.
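The following script is an added illustration (not part of the GFI advisory or any GFI product) of how a mail gateway filter could apply the avoidance action above and match a message against the indicators listed in this advisory: the subject lines, the attachment names, the 65,536-byte attachment size and the .pif extension. The sample messages it parses are constructed inline for the demonstration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the advisory text above.
SUBJECTS = {"Re: Movies", "Re: Sample", "Re: Document", "Re: Here is that sample"}
FILENAMES = {"Movie_0074.mpeg.pif", "Document003.pif", "Untitled1.pif", "Sample.pif"}
ATTACHMENT_SIZE = 65536
BLOCKED_EXTENSIONS = (".pif",)  # the advisory's avoidance action: block all .pif files


def inspect_message(raw: bytes) -> dict:
    """Parse a raw RFC 822 message and report why it should be blocked or flagged.

    'block' is set only by the extension policy; the other indicators are
    recorded as reasons so an analyst can see how closely the mail matches.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    result = {"block": False, "reasons": []}
    subject = (msg.get("Subject") or "").strip()
    if subject in SUBJECTS:
        result["reasons"].append(f"subject matches advisory: {subject!r}")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if name.lower().endswith(BLOCKED_EXTENSIONS):
            result["block"] = True
            result["reasons"].append(f"blocked extension: {name}")
        if name in FILENAMES:
            result["reasons"].append(f"attachment name matches advisory: {name}")
        if len(payload) == ATTACHMENT_SIZE:
            result["reasons"].append(f"attachment size matches advisory: {len(payload)} bytes")
    return result


def build_message(subject: str, filename: str, size: int) -> bytes:
    """Construct a sample message with one attachment (test data, not a real sample)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = subject
    msg.set_content("Attached file:")
    msg.add_attachment(b"\x00" * size, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    print(inspect_message(build_message("Re: Sample", "Sample.pif", ATTACHMENT_SIZE)))
    print(inspect_message(build_message("Weekly report", "report.txt", 10)))
```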
For more updated information: http://www.gfi.com/security
References:
http://www.norman.com/virus_info/w32_sobig_a_mm.shtml
http://www.bitdefender.com/virusi/virusi_descrieri.php?virus_id=120
http://vil.nai.com/vil/content/v_99950.htm
About GFI GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. With award-winning technology, an aggressive pricing strategy and a strong focus on small-to-medium sized businesses, GFI is able to satisfy the need for business continuity and productivity encountered by organizations on a global scale. GFI has offices in the US, Malta, UK, Hong Kong and Australia which support more than 200,000 installations worldwide. GFI is a channel-focused company with over 10,000 partners worldwide. GFI is a Microsoft Gold Certified Partner. More information about GFI can be found at http://www.gfi.com.
All product and company names herein may be trademarks of their respective owners.