New variant of the SoBig worm, comes with a 82KB email attachment.

Name: I-WORM.SoBig.E


Type: Internet Worm

Size: 82195 bytes 

Platform: Win 95/98/ME/NT/2000/XP 


SoBig.E is a new variant of the I-Worm (Internet Worm) SoBig. this worm spread itself throug email messages, retrieving address from Outlook's contacts or html files.

The worm sends email messages with this sender: support@yahoo.com 

or with other senders. 


Messages could have the following subjects: 

Re: Movie, Re: Movies, Re: Submited (Ref: 003746), Re: Screensaver, Re: Documents, Re: Re: Application ref. 003644, Re: Re: Document, Your application.


And could have the following attachments:

details.pif, application.zip, application.pif, document.zip, document.pif, screensaver.zip, sky_world.scr, Movie.zip, Movie.pif. 


.ZIP files contain executables infected by the SoBig. If you execute an infected file, SoBig.E creates winssk32.exe inside Windows folder, it then edits the registry to execute that file at every startup.

SoBig.E could spread itself through LAN, copying itself on the StartUp Windows' folder.

Any information published on our site may be used and published on other websites, blogs, forums, facebook and/or in any other form both in paper and electronic form as long as the source is always and in any case cited explicitly “Source: CRAM by TG Soft www.tgsoft.it” with a clickable link to the original information and / or web page from which textual content, ideas and / or images have been extrapolated.
It will be appreciated in case of use of the information of C.R.A.M. by TG Soft www.tgsoft.it in the report of summary articles the following acknowledgment/thanks “Thanks to Anti-Malware Research Center C.R.A.M. by TG Soft of which we point out the direct link to the original information: [direct clickable link]”

Vir.IT eXplorer PRO is certified by the biggest international organisation: