Okay kids, there’s a relatively new worm floating around and I’ve seen at least three people get it in the last 24 hour period, so heads up.
(I did a search and Tuckerfan started a thread about it when it showed up in his in-box, but that was a coupla months ago, when it was only two days old, and I don’t think many people got to see it. Since it seems to be gathering momentum, I thought it warranted a new thread, and one with “email@example.com” in the thread title.)
It’s called “sobig” and it’s a pretty standard worm with a trojan spoojed onto it.
Here is Symantec’s description.
The email message has the following characteristics:
Subject: The subject will be one of these:
- Re: Movies
- Re: Sample
- Re: Document
- Re: Here is that sample
Attachment: The attachment will be one of these:
- Movie_0074.mpeg.pif
- Document003.pif
- Untitled1.pif
- Sample.pif
Before W32.Sobig.A@mm sends the messages, it sends a message to an address at pagers.icq.com.
The worm also attempts to copy itself to the following folders on all the open network shares:
- \Windows\All Users\Start Menu\Programs\StartUp
- Documents and Settings\All Users\Start Menu\Programs\Startup
Note: Symantec Security Response has received reports of W32.Sobig.A@mm downloading and installing the Backdoor Trojan, Backdoor.Lala.
In case you have opened the attachment, Symantec has provided a free removal tool to clean your computer.
It practically goes without saying that only folks using any of the various flavours of Windows need be concerned about this-- Mac & Linux users can continue to feel smug and secure. Oh, and I guess Windows users who don’t open e-mail attachments from strangers based on the vague hope that they might contain p.orn are okay, too.
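A mail-filter check for the indicators listed in the Symantec description above, as an added example that is not part of the original post or any Symantec tool. The function names, reason labels and sample messages are constructed for illustration, and flagging every `.pif` attachment (not only the four listed names) is an assumption that goes slightly beyond the quoted list.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the Symantec description quoted in the post.
SOBIG_SUBJECTS = {"re: movies", "re: sample", "re: document",
                  "re: here is that sample"}
SOBIG_ATTACHMENTS = {"movie_0074.mpeg.pif", "document003.pif",
                     "untitled1.pif", "sample.pif"}
# Assumption: any .pif (Program Information File) is risky, because
# Windows runs it when the recipient opens it.
RISKY_EXTENSIONS = (".pif",)


def check_message(raw_bytes):
    """Return a sorted list of reasons the message matches the description."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = set()
    subject = (msg["Subject"] or "").strip().lower()
    if subject in SOBIG_SUBJECTS:
        reasons.add("known-subject")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # not an attachment with a filename
        name = name.strip().lower()
        if name in SOBIG_ATTACHMENTS:
            reasons.add("known-attachment-name")
        if name.endswith(RISKY_EXTENSIONS):
            reasons.add("pif-attachment")
            # A name like x.mpeg.pif shows a harmless-looking type first.
            if name.count(".") >= 2:
                reasons.add("double-extension")
    return sorted(reasons)


def build_sample(subject, filename):
    """Constructed test message with a harmless placeholder payload."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "rcpt@example.com"
    m["Subject"] = subject
    m.set_content("body")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

An empty list means none of the listed indicators matched; it does not mean the message is safe.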