Pier and Surf Forum banner

1 - 4 of 4 Posts

·
Registered
Joined
·
1,481 Posts
Discussion Starter #1
A new variant of W32/Sobig, W32/[email protected] is a High Risk mass-mailing worm. It arrives as an email attachment with a .pif or .scr extension. When run, it infects the host computer, then emails itself (using its own SMTP engine) to harvested email addresses from the victim's machine. In addition, when it propagates, the worm "spoofs" the "from: field", using one of the harvested email addresses.

Note: The worm copies itself onto the infected machine as: C:\WINNT\WINPPR32.EXE

Caution: An infected email can come from addresses you recognize and may contain the following information:

WHAT TO LOOK FOR:

Subject: [content varies]
- Your details
- Thank you!
- Re: Thank you!
- Re: Details
- Re: Re: My details
- Re: Approved
- Re: Your application
- Re: Wicked screensaver
- Re: That movie

Body: [content varies]
- See the attached file for details
- Please see the attached file for details

Attachment: [content varies]
- your_document.pif
- document_all.pif
- thank_you.pif
- your_details.pif
- details.pif
- document_9446.pif
- application.pif
- wicked_scr.scr
- movie0045.pif
 

·
Registered
Joined
·
337 Posts
C2H&G,.

I was sent this twice today. fortunately I new about the virus prior to recievign them, but I know a lot of people don't. Thanks for taking the time to inform people.

Fellow P&S er's: this could save you a lot of money.

todd
 

·
Registered
Joined
·
571 Posts
My machines are clean but my inbox is filled daily with undelivered emails to addresses that I do not know. I have had over 100 of these in the last three days.

My virus software is undated daily and my ISP scans all emails in both directions so I stay clean. But, I'm spending all day deleting emails from this beast.

What to do..

I hope this helps.
 

·
Registered
Joined
·
309 Posts
What you describe is a sympom of the Klez worms - there are many variants. They send emails from another machine but use your email address as the From address.

Causes an enormous number of undeliverables.

I sent the "How to.." get rid of it tips to all of my addressees, but it hardly changed a thing.

In the end I had to kill that email account and open another.

A pain but it worked.

Good luck ...
 
1 - 4 of 4 Posts
Top