Abstract
A Windows worm known as W32.Sobig.B (but also as the Palyh and the Mankx worm) is arriving in the form of an attachment in messages that appear to be from Microsoft support. Sobig.B creates and then sends messages to addresses it finds in address books of systems it infects. The indicated address of the sender is support@microsoft.com. Subject lines vary, but 'Screensaver', 'Cool Movie', 'Re: My application', 'Approved (Ref: 38446-263)', and 'Your password' are frequently used. The name of the attachment that contains this worm has a .pif file extension, but the actual name varies. 'movie28.pif', 'screen_temp.pif', 'doc_details.pif', 'ref-394755.pif', and 'password.pif' are common attachment names. If the recipient of an infected message that Sobig.B sends opens the attachment, the recipient's system becomes infected. Once the system is infected, Sobig.B creates a Registry entry that causes this worm to be started up whenever the infected system boots.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.