Lumension® Endpoint Intelligence Center


Overview

Threat Risk: HIGH
Destructivity: NONE
Payload:
Detection files published: 24 Jun 2003 03:00:00
Description created: 25 Jun 2003 08:28:00
Description updated: 27 Jun 2003 12:35:00
Malware type: WORM
Alias:
Spreading mechanism: EMAIL, NETWORK
Summary: None

W32/Sobig.E@mm

Spreading

This worm is largely similar to the previous versions, except that it arrives in a zip file.

When it is run, it will copy itself to the Windows directory under the name WINSSK32.EXE. It will then search files on the infected machine for email addresses to send itself to.

Registry values will be created to start the worm at bootup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
"SSK Service"="[WINDIR]\winssk32.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"SSK Service"="[WINDIR]\winssk32.exe"

The worm will then also copy itself to network shares.
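The following check is an added example, not part of the original description: it scans `reg query` output from the two Run keys named above for the "SSK Service" value name or a winssk32.exe target. The sample output, its paths and the function name are constructed for illustration.

```python
import re

# Indicators taken from the description above.
VALUE_NAME = "ssk service"
FILE_RE = re.compile(r'(?:^|[\\/"\s])winssk32\.exe(?=$|["\s])', re.IGNORECASE)
RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
# A value line in `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^ {4}(.+?) {4}(REG_[A-Z_]+) {4}(.*)$")


def find_sobig_e_persistence(reg_output):
    """Return one finding per Run-key value that matches either indicator."""
    findings = []
    key = None
    for line in reg_output.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or not key.lower().endswith(RUN_SUFFIX):
            continue
        name, _type, data = m.groups()
        reasons = []
        if name.strip().lower() == VALUE_NAME:
            reasons.append("value name")
        if FILE_RE.search(data):
            reasons.append("file name")
        if reasons:
            findings.append({"key": key, "name": name, "data": data, "matched": reasons})
    return findings


# Constructed sample: `reg query` output for the Run keys (not from a real host).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    SSK Service    REG_SZ    C:\WINDOWS\winssk32.exe
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    "C:\WINNT\WINSSK32.EXE" /s
    SSK Service Helper    REG_SZ    C:\Program Files\Vendor\mywinssk32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
    SSK Service    REG_SZ    C:\temp\setup.exe
"""

if __name__ == "__main__":
    for f in find_sobig_e_persistence(SAMPLE):
        print(f["key"], "|", f["name"], "->", f["data"], "| matched:", ", ".join(f["matched"]))
```

Matching on the file name as well as the value name still flags an entry whose value has been renamed, while look-alike names such as mywinssk32.exe are not reported.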

Payload Details

n/a

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:11