|
Sobig.E virus
Not directly affected
The following operating systems are not directly attacked by this virus:
- MacOS versions prior to MacOS X 10.x
- Unix (including *BSD, Linux, MacOS X 10.x)
Immediate action required
From ACSU:
Open Norton AntiVirus, click the 'LiveUpdate' button, then click the 'Next>'
button. Follow any prompts to allow the LiveUpdate process to complete. This may
take one minute or a few minutes to complete depending on your internet
connection. When complete you will see green ticks or one green tick. Press the
'Finish' button to exit.
Description (from ACSU)
The Sobig.E virus is on medium alert at the moment. It affects Windows based
systems, not Apple Macintosh computers. New virus definitions were released this
morning so please ensure your Norton AntiVirus software is up to date - details
below:
ABOUT THE Sobig.E VIRUS
SobigE infected emails may display the following characteristics:
From: support@yahoo.com (Note: The W32.Sobig.E virus places fake addresses in
this field, so it could be any address.)
Subject: The subject line will be one of the following:
- Re: Application
- Re: Movie
- Re: Movies
- Re: Submitted
- Re: ScRe:ensaver
- Re: Documents
- Re: Re: Application ref 003644
- Re: Re: Document
- Your application
- Application.pif
- Applications.pif
- movie.pif
- Screensaver.scr
- submited.pif
- new document.pif
- Re: document.pif
- 004448554.pif
- Referer.pif
Attachment: The attachment name will be one of the following:
- your_details.zip (contains details.pif)
- application.zip (contains application.pif)
- document.zip (contains document.pif)
- screensaver.zip (contains sky.world.scr)
- movie.zip (contains Movie.pif)
NOTE: The worm de-activates on July 14, 2003, and therefore, the last day on
which the worm will spread is July 13, 2003.
Technical descriptions on web:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.e@mm.html
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBIG.E
|
