Lumension® Endpoint Intelligence Center


Overview

Threat Risk: LOW
Destructivity: NONE
Payload:
Detection files published: 18 Jun 2003 03:00:00
Description created: 18 Jun 2003 08:55:00
Description updated: 19 Jun 2003 02:28:00
Malware type: WORM
Alias:
Spreading mechanism: EMAIL, NETWORK
Summary: None

W32/Sobig.D@mm

Spreading

The worm copies itself into the Windows directory under the name CFTRB32.EXE and creates the following registry entries pointing to itself so that it runs at startup:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
        SFTrb Service = [WINDIR]\cftrb32.exe

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
        SFTrb Service = [WINDIR]\cftrb32.exe

It then examines several sources on the infected machine to find addresses to mail itself to.
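
The persistence entries described above can be checked for in saved `reg query` output. The following is an added example, not part of the original description or any vendor tool; the function name, the sample text and the assumed four-space column layout of `reg query` output are assumptions of this example.

```python
import re

# Persistence indicators taken from the description above.
VALUE_NAME = "sftrb service"
FILE_NAME = "cftrb32.exe"
RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"

# Constructed sample of `reg query` output, not captured from a real host.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    SFTrb Service    REG_SZ    C:\WINDOWS\cftrb32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    sftrb service    REG_SZ    "C:\WINNT\CFTRB32.EXE"
    Updater    REG_SZ    C:\Program Files\Updater\cftrb32.exe.bak
"""

# Assumed layout: indent, value name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s+(.+?)\s{4}(REG_\w+)\s{4}(.*)$")


def find_sobig_d_run_entries(reg_output):
    """Return (key, value_name, data, reasons) for each matching Run value."""
    hits, key = [], None
    for line in reg_output.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # unindented line is a registry key path
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None or not key.lower().endswith(RUN_SUFFIX):
            continue
        name, _type, data = m.groups()
        # Compare only the final path component, case-insensitively,
        # because [WINDIR] differs between Windows installations.
        target = data.strip().strip('"').split("\\")[-1].lower()
        reasons = []
        if name.strip().lower() == VALUE_NAME:
            reasons.append("value name")
        if target == FILE_NAME:
            reasons.append("file name")
        if reasons:
            hits.append((key, name.strip(), data.strip(), reasons))
    return hits
```

A match on the value name alone or the file name alone is still reported, with the reason listed, so a renamed value that still points at cftrb32.exe is not missed.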

Payload Details

n/a

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:14