W32/Sobig.B@mm, a new worm spreading fast
W32/Sobig.B@mm, also known as W32/Palyh@mm, W32/Emesache@mm, W32.HLLM.Ccn@mm and W32.HLLW.Manx@mm, is a new mass mailer and worm, discovered on the 19th of May. Its distribution has been tremendously fast, and has reached a geographically wide distribution in a relatively short time period.
W32/Sobig.B@mm spreads both via infected e-mail attachments and via open network resources.
It spreads via e-mail by sending itself to e-mail addresses harvested on the infected computer in all files with .DBX, .EML, .HTM, .HTML, .TXT, and .WAB extensions on found on the computer.
Messages containing an attachment infected with W32/Sobig.B@mm will bear the following characteristics:
The subject is randomly chosen from this list:
Re: My application
Re: My details
Re: Approved (Ref: 3394-65467)
Approved (Ref: 38446-263)
Name of attachment:
W32/Sobig.B@mm is detected with the latest versions of F-Prot Antivirus products using virus signature files created on the 19th of May or later.