RootsWeb.com Mailing Lists
Total: 1/1
    1. [KNIGHTS-OF-LABOR] Fw: Worm characteristics
    2. Diana Boothe
    3. Heads up on a very new----very mean virus. Though I don't normally do this, and do request that you NOT reply to the list, but to me, List Mom, personally, I feel this is something that everyone needs to be aware of. For those who do NOT have an anti-virus program, or who have more questions, please contact me OFF list. :o) Take Care, Diana philsbarbie1@arkansasfamilies.net AllFamilies Scrapbook: http://www.arkansasfamilies.net/famscrapindex.htm ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Linda Schwartz who admins the Trondelag list gave permission to forward a very clear explanation of elements of these virus messages. W32.Sobig.F@mm Discovered on: August 19, 2003 Last Updated on: August 19, 2003 05:07:51 PM W32.Sobig.F@mm is a mass-mailing, network-aware worm that sends itself to all the email addresses it finds in the files with the following extensions: * .dbx * .eml * .hlp * .htm * .html * .mht * .wab * .txt The worm uses its own SMTP engine to propagate and will attempt to create a copy of itself on accessible network shares. Email Routine Details The email message has the following characteristics: From: Spoofed address (which means that the sender in the "From" field is most likely not the real sender). The worm may use the address admin@internet.com as the sender. Subject: * Re: Details * Re: Approved * Re: Re: My details * Re: Thank you! * Re: That movie * Re: Wicked screensaver * Re: Your application * Thank you! * Your details Body: * See the attached file for details * Please see the attached file for details. Attachment: * your_document.pif * document_all.pif * thank_you.pif * your_details.pif * details.pif * document_9446.pif * application.pif * wicked_scr.scr * movie0045.pif My note: While I do not have an infected computer, I have seen my email addresses forged (when **I** get a mail bounce for something I did not send). I suspect that someone I have communicated with in the past may have had his/her computer attacked with a virus. Or my addresses have been harvested from message boards, web pages, etc.

    08/21/2003 08:58:36