Ian
More on Sobig.F
« on: Aug 20th, 2003, 6:31pm »
The newly detected worm Sobig.F is spreading quickly... Sobig.F is programmed to spread rapidly via e-mail using so-called social engineering techniques to trick users. Both the subject and text of the message the worm uses to spread, as well as the attached file, are variable. Once the user runs the attachment carrying the worm, Sobig.F uses its own SMTP engine to send itself out to all the e-mail addresses it finds in the files with the following extensions: TXT, HTM*, WAB, DBX and EML on the affected computer. It also copies itself to the affected computer under the name winppr32.exe and creates several entries in the Windows Registry in order to ensure that it is run whenever the affected computer is started. According to the latest analysis, Sobig.F can also download files from the Internet. Besides, it has backdoor functions, which allow it to open several communication ports. Finally, it can spread across local networks.