At 11:07 PM 8/19/03 -0700, you wrote:
>A new variant of the "Sobig" virus that circulated a while back. The
>.pif/.scr file attachments to/from random addresses is the giveaway.
A little more information.
Variant of Sobig on the loose.
The worm basically sends itself as an e-mail attachment to addresses
collected from a victim's computer. The worm forges the sender's e-mail
address, making it "difficult to know who is truly infected," according to
an alert on antivirus software vendor Sophos PLC's Web site.
The e-mail appears with subject headers such as "Re: That movie,"
"Re: Wicked screensaver," and "Re: Details." The attached file is
chosen from a list that includes "movieoo45.pif," "wicked_scr.scr"
and "your-document.pif," according to Sophos.
The Sobig variant takes advantage of the Network Time Protocol that's
used by servers to synchronize times to determine when it should stop
propagating itself, according to Sophos. If the date is Sept. 10, 2003,
or later, the worm will no longer propagate.
The DML does not allow attachments. Just be careful with any attachments
that you receive (see above). As long as you don't open them, you'll be
okay.
There's another worm going around as well since July. It's a variation
of the Blaster worm. AFAIK, it attacks networks, not spread by
attachments and Win2000 and XP seem to be the vulnerable OS.
I've done a NAV LiveUpdate and scanned all my files. Got an AOK.
That's all I know for now.
Bob Tom Burlington, Ont., Canada
'97 Dakota Sport, 4x2, CC, Flame red, 5.2L, 44RE auto., 4.56SG
This archive was generated by hypermail 2b29 : Fri Feb 06 2004 - 11:46:47 EST