[Dshield] new virus/attachment

jdoub@krispykreme.com jdoub at krispykreme.com
Thu Jun 26 13:42:02 GMT 2003

It is W32/Sobig.E@MM. Here's what Trend Micro has to say about it:

This nondestructive worm propagates via network shares and via email
using its own SMTP (Simple Mail Transfer Protocol) engine. It gathers
its target email addresses from files with WAB, DBX, HTM, HTML, EML and TXT
file extensions.

 The email message has varying subjects, and has a message body that
 states "Please see attached file." It also contains a ZIP file attachment
 with the file name Your_details.zip. This ZIP file contains the copy of
 the worm with the filename DETAILS.PIF.

Jeanne M. Doub
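
A mail-gateway style check for the attachment described above, as an added example that is not part of the original post or Trend Micro's write-up. It lists the members of ZIP attachments without extracting them and flags the two file names from the advisory; the `RISKY_EXT` list, the finding labels and the constructed sample message are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Names taken from the advisory quoted in the post (compared case-insensitively).
ZIP_NAME = "your_details.zip"
MEMBER_NAME = "details.pif"
# Assumption, not from the post: other extensions Windows runs directly.
RISKY_EXT = (".pif", ".scr", ".exe", ".com", ".bat")

def inspect_message(raw):
    """Return a list of findings for one raw RFC 5322 message (bytes)."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        if name == ZIP_NAME:
            findings.append("zip-name:" + name)
        try:
            data = part.get_payload(decode=True) or b""
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()  # reads the directory, extracts nothing
        except zipfile.BadZipFile:
            findings.append("unreadable-zip:" + name)
            continue
        for member in members:
            base = member.replace("\\", "/").rsplit("/", 1)[-1].lower()
            if base == MEMBER_NAME:
                findings.append("member-name:" + base)
            elif base.endswith(RISKY_EXT):
                findings.append("risky-member:" + base)
    return findings

def build_sample(zip_name, member):
    """Constructed message; the ZIP member holds harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not a program")
    msg = EmailMessage()
    msg["From"], msg["To"] = "a@example.com", "b@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("Please see attached file.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()
```

Because the subject line varies, the check keys on the attachment and its contents rather than on the subject.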

