
Win32.Sobig.A@mm


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Win32.Sobig.A@mm is also known as N/A.

Explanation :

The worm searches all fixed drives for files with the extensions .TXT, .EML, .HTM, .HTML, .DBX, and .WAB, collects e-mail addresses from them, and sends itself in messages with one of the following subjects:

Re: Document
Re: Here is that sample
Re: Movies
Re: Sample

The body of the mail can be empty, or contain a single line:

Attached file:

The name of the attachment (worm executable) is one of:

Document003.pif
Movie_0074.mpeg.pif
Sample.pif
Untitled1.pif
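
The subject, body and attachment traits listed above can be checked at a mail gateway. The following is an added example, not BitDefender's code; the function names, the sample addresses and the catch-all `.pif` flag are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the description above, lower-cased for comparison.
SUBJECTS = {"re: document", "re: here is that sample", "re: movies", "re: sample"}
ATTACHMENTS = {"document003.pif", "movie_0074.mpeg.pif", "sample.pif", "untitled1.pif"}
BODIES = {"", "attached file:"}  # empty body, or the single described line


def sobig_a_traits(raw: bytes) -> dict:
    """Report which of the described traits a raw e-mail message shows."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # Collapse whitespace so folded or padded subjects still compare equal.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    names = [(p.get_filename() or "").strip().lower() for p in msg.iter_attachments()]
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content().strip().lower() if body_part else ""
    traits = {
        "subject": subject in SUBJECTS,
        "body": body in BODIES,
        "attachment": any(n in ATTACHMENTS for n in names),
        # Assumption beyond the page: flag any .pif attachment for review,
        # since a renamed copy would miss the exact-name list.
        "pif_any": any(n.endswith(".pif") for n in names),
    }
    # Require all three described traits together to limit false positives.
    traits["match"] = traits["subject"] and traits["body"] and traits["attachment"]
    return traits


def build_sample(subject: str, body: str, filename: str) -> bytes:
    """Constructed test message with harmless placeholder attachment bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "rcpt@example.com"
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(sobig_a_traits(build_sample("Re: Movies", "Attached file:\n", "Movie_0074.mpeg.pif")))
    print(sobig_a_traits(build_sample("Re: Sample", "Quarterly numbers attached.", "report.pdf")))
```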

The worm also tries to connect to network shares and copy itself to the remote computer in the following directories:

Documents and Settings\All Users\Start Menu\Programs\Startup
Windows\All Users\Start Menu\Programs\StartUp

Last update 21 November 2011

 
