**heads up** - a new virus alert

  1. dub
    29,544 Posts.
    lightbulb Created with Sketch. 155

    This has just arrived.


    Dear Customer,

    Capital Security Solutions and Norman have issued a warning regarding a new worm found in the wild called W32/Sobig.F

    Norman's current risk evaluation is HIGH.

    General characteristics
    * Type: Worm
    * Spreading mechanism: Email
    * Email characteristics:
    o Subject: Variable
    o Body: Variable
    o Attachment: Variable
    * Destructivity: None
    * Detected by virus detection files published: 19 Aug 2003
    * Virus characteristics first published: 19 Aug 2003 10:22 (CET)
    * Virus characteristics latest update: 19 Aug 2003 12:16 (CET)


    This is another worm in the Sobig series. File size is about 72295 bytes, although this may vary some.

    When run, it will copy itself to the Windows directory under the name winppr32.exe. It creates the registry keys:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run "TrayX"="[WINDIR]\winppr32.exe /sinc".
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run "TrayX"="[WINDIR]\winppr32.exe /sinc".
    This enables it to run from startup.
arrow-down-2 Created with Sketch. arrow-down-2 Created with Sketch.