Malware type: Worm

Aliases: W32/Sobig.dam (McAfee), Worm/Sobig.B (Avira),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Description: 
This worm propagates by using its own SMTP engine to mass-mail copies of itself to other users. It sends email with the following details:

From: support@microsoft.com
Subject: (any of the following)
Approved (Ref: 38446-263)
Cool screensaver
Re: Approved (Ref: 3394-65467)
Re: Movie
Re: My application
Re: My details
Screensaver
Your details
Your password

Message Body:
All information is in the attached file.

Attachment: (any of the following)
application.pif
approved.pif
doc_details.pif
movie28.pif
password.pif
ref-394755.pif
screen_doc.pif
screen_temp.pif
your_details.pif

This worm runs on Windows 95, 98, ME, NT, 2000, and XP.

For additional information about this threat, see:
Solution
Technical Details

Description created: May. 18, 2003 8:42:39 PM GMT -0800
Description updated: May. 18, 2003 8:52:33 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.