Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » W32/Sobig.C@mm

Overview

Threat Risk HIGH HIGH
Destructivity NONE NONE
Payload
Detection files published 31 May 2003 03:00:00
Description created 01 Jun 2003 04:45:00
Description updated 02 Apr 2004 04:48:00
Malware type WORM
Alias
Spreading mechanism EMAIL
Summary None

W32/Sobig.C@mm

Spreading

n/a

Payload Details

This is a new worm in the Sobig family.
When the attachment is executed the worm collects email addresses from various files types on the infected computer and sends itself to those addresses.

Lumension's sandbox reports that the worm performs the following actions:


Creates the file mscvb32.exe in the computer's Windows directory.
Adds this value to the Registry keys so that the worm is run each time the computer is started.
HKLM/Software/Microsoft/Windows/CurrentVersion/Run
HKCU/Software/Microsoft/Windows/CurrentVersion/Run
Worm spreading over a network connection.

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:12