I don't see that anyone has written about this. Since people around me have been complaining en masse these days, details about the virus are available on Symantec's site:
Removal tool
http://securityresponse.symantec.com...r/FixSbigF.exe
Symantec's site says:
<blockquote id="quote"><font size="1" id="quote"><b id="quote">quote:</b id="quote"></font id="quote"><table border="0" id="quote"><tr id="quote"><td class="quote" id="quote"><font size="1" id="quote">Due to the number of submissions received from customers, Symantec Security Response has upgraded this threat to a Category 4 from a Category 3 threat as of August 21, 2003.
W32.Sobig.F@mm is a mass-mailing, network-aware worm that sends itself to all the email addresses it finds in the files that have the following extensions:
.dbx
.eml
.hlp
.htm
.html
.mht
.wab
.txt
The worm uses its own SMTP engine to propagate and attempts to create a copy of itself on accessible network shares, but fails due to bugs in the code.
Email routine details
The email message has the following characteristics:
From: Spoofed address (which means that the sender in the "From" field is most likely not the real sender). The worm may also use the address admin@internet.com as the sender.
NOTES:
The spoofed addresses and the Send To addresses are both taken from the files found on the computer. Also, the worm may use the infected computer's settings to check for an SMTP server to contact.
The choice of the internet.com domain appears to be arbitrary and does not have any connection to the actual domain or its parent company.
Subject:
Re: Details
Re: Approved
Re: Re: My details
Re: Thank you!
Re: That movie
Re: Wicked screensaver
Re: Your application
Thank you!
Your details
Body:
See the attached file for details
Please see the attached file for details.
Attachment:
your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif
NOTES:
The worm de-activates on September 10, 2003. The last day on which the worm will spread is September 9, 2003.
The aforementioned deactivation date applies only to the mass-mailing, network propagation, and email address collection routines. This means that a W32.Sobig.F@mm infected computer will still attempt to download updates from the respective list of master servers during the associated trigger period, even after the infection de-activation date. Previous variants of Sobig exhibited similar behavior.
Outbound UDP traffic was observed on August 22nd coming from systems infected with both Sobig.E and Sobig.F. However, the target IP addresses were either not responding/taken offline or contained non-executable content, i.e. a link to an adult site.
W32.Sobig.F@mm uses a technique known as "email spoofing," by which the worm randomly selects an address it finds on an infected computer. For more information on email spoofing, see the "Technical Details" section below.
Symantec Security Response has developed a removal tool to clean the infections of W32.Sobig.F@mm.
</td id="quote"></tr id="quote"></table id="quote"></blockquote id="quote"><font size="2" id="quote"></font id="quote">
And here are my own observations:
I come back from the seaside and see one of my email accounts filled to the brim with junk along the lines of "Please see the attached file for details." I had over 100 of them, and my head was spinning by the time I deleted them all.
I advise you to be careful, because I have such little messages from quite a few of you too!