   Mischel Internet Security Forum
   Sobig.E variant
Ian
Sobig.E variant
« on: Jun 28th, 2003, 4:37pm »

Another version to watch for...
 
Sobig.E is sent via e-mail, compressed in a zip file, creating an added danger as, to date, there have been few viruses that have propagated in this way, and many users may not have the option to scan this particular type of compressed file enabled in their antiviruses.
 
Sobig.E infects Win9x, ME, NT, 2000 and XP systems. It is sent out, using its own SMTP engine, to addresses it finds in all directories in files on the infected system with the following extensions: .TXT, .EML, .HTM*, .DBX, .WAB.
 
The e-mail containing Sobig.E has the following characteristics:
 
Possible subjects include:
Re: Movie
Re: Application
 
Message text: Please see the attached zip file for details.
 
Attachment: Your_details.zip
 
Sobig.E creates two files in the affected computer, one called "%windir%\winssk32.exe", which contains the worm's code, and the other called "msrrf.dat". It also creates two keys in the Windows registry.

... but crap arrives pretty much straight away.
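
Added example, not part of the original post or any vendor's code: a Python mail check that scores a message against the subjects, message text and attachment name listed in the post above, and opens the zip attachment instead of skipping it. The executable-extension list and the inner file name `sample.pif` are assumptions, and the sample message is constructed with harmless placeholder bytes.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators exactly as listed in the post above.
SUBJECTS = {"re: movie", "re: application"}
BODY_TEXT = "please see the attached zip file for details."
ATTACHMENT = "your_details.zip"
# Assumption (not from the post): extensions treated as executable inside an archive.
EXEC_EXTS = (".exe", ".pif", ".scr", ".com", ".bat")

def zip_executables(data):
    """List executable-looking member names; an unreadable archive is itself flagged."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXEC_EXTS)]
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]

def score_message(raw):
    """Return which of the post's indicators a raw RFC 822 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if str(msg["Subject"] or "").strip().lower() in SUBJECTS:
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and BODY_TEXT in body.get_content().lower():
        hits.append("body")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name == ATTACHMENT:
            hits.append("attachment-name")
        if name.endswith(".zip"):  # look inside the archive instead of skipping it
            inner = zip_executables(part.get_payload(decode=True) or b"")
            if inner:
                hits.append("zip-contains:" + ",".join(inner))
    return hits

def build_sample():
    """Constructed test message: harmless placeholder bytes, hypothetical inner name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample.pif", b"placeholder, not executable code")
    msg = EmailMessage()
    msg["Subject"] = "Re: Movie"
    msg.set_content("Please see the attached zip file for details.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Your_details.zip")
    return msg.as_bytes()
```
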
maxqnz
Re: Sobig.E variant
« Reply #1 on: Jun 29th, 2003, 12:22am »

on Jun 28th, 2003, 4:37pm, Ian wrote:
Another version to watch for...
 
Sobig.E is sent via e-mail, compressed in a zip file, creating an added danger as, to date, there have been few viruses that have propagated in this way, and many users may not have the option to scan this particular type of compressed file enabled in their antiviruses.
 
Sobig.E infects Win9x, ME, NT, 2000 and XP systems. It is sent out, using its own SMTP engine, to addresses it finds in all directories in files on the infected system with the following extensions: .TXT, .EML, .HTM*, .DBX, .WAB.
 
The e-mail containing Sobig.E has the following characteristics:
 
Possible subjects include:
Re: Movie
Re: Application
 
Message text: Please see the attached zip file for details.
 
Attachment: Your_details.zip
 
Sobig.E creates two files in the affected computer, one called "%windir%\winssk32.exe", which contains the worm's code, and the other called "msrrf.dat". It also creates two keys in the Windows registry.

 
 
I've received about 8 of these in the last 18 hours, but thanks to PMail's selective download, I haven't had to waste time and bandwidth on them, just delete them from the server.

O Sustainer, without you we have no one
What's a pieriansipist?
Ian
Re: Sobig.E variant
« Reply #2 on: Jun 30th, 2003, 10:18pm »

So they do exist? I've never encountered any of the variants at home. Work is different - there's no educating kids about dangers these days, that's why we have Sophos running on the servers at the city centre server farm. Stuff still gets through, though not the harmful payloads like this - mostly annoyances like Gator or WildTangent that the kids click through when trying for all those on-line games...
maxqnz
Re: Sobig.E variant
« Reply #3 on: Jun 30th, 2003, 10:52pm »

on Jun 30th, 2003, 10:18pm, Ian wrote:
So they do exist? I've never encountered any of the variants at home.

 
I haven't had any in over 24 hours now, so the rate of infection must be slowing.
Ian
Re: Sobig.E variant
« Reply #4 on: Jun 30th, 2003, 11:44pm »

Presumably it's easy to spot, and that's why there have been so many variants in such a short time - 5 in 3 weeks or so. This one seems to be slightly different in the way it latches into Windows, so it may spring off into a new 'family line' - we wait and see!
maxqnz
Re: Sobig.E variant
« Reply #5 on: Jun 30th, 2003, 11:51pm »

on Jun 30th, 2003, 11:44pm, Ian wrote:
Presumably it's easy to spot, and that's why there have been so many variants in such a short time - 5 in 3 weeks or so. This one seems to be slightly different in the way it latches into Windows, so it may spring off into a new 'family line' - we wait and see!

 
 
Yep, those dear wee script kiddies have to find some way to pass their time, obviously.
Ian
Re: Sobig.E variant
« Reply #6 on: Jul 1st, 2003, 12:28am »

Grin Bless them.
 
Sorry, that was slightly abbreviated - I mean 'Bless them with RSI and splitting headaches after 10 minutes looking at a monitor.'
 
Anyway, they're only doing what they've been taught - to plagiarise other work. Otherwise, why would kids think they can get away with handing in Encarta printouts, Internet grabs and essay bank stuff as their own work?