[email protected], Virus?

Hello,
Lately I keep getting e-mails with the sender [email protected]
Now I wanted to ask whether anyone knows about this, whether it is a virus, or what this is about (I deleted the mails, of course)

Kind regards
and have a nice day

Pefi

Hi
you are doing the RIGHT thing there!
that is how it spreads

Source: http://www.AVP.ch

I-Worm.Sobig

This is a worm virus that spreads via the Internet as an attachment to infected emails. It also downloads and sets up a backdoor program. The worm itself is a Windows PE EXE file about 64 Kb in length (compressed by TeLock), written in Microsoft Visual C++.

The infected messages have the following properties:

From:
[email protected]

Subject: (one of the following)
Re: Movies
Re: Sample
Re: Document
Re: Here is that sample

Attachment: (one of the following)
Movie_0074.mpeg.pif
Document003.pif
Untitled1.pif
Sample.pif

The worm activates from an infected email only if a user clicks on the attached file. The worm then installs itself on the system and runs its spreading routine and payload.

Installing

While installing, the worm copies itself to the Windows directory under the name WINMGM32.EXE and registers that file in the system registry auto-run key:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"WindowsMGM" = \winmgm32.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
"WindowsMGM" = \winmgm32.exe

Spreading via E-mail

To send infected messages the worm uses an SMTP server. The worm looks for *.WAB, *.DBX, *.HTM, *.HTML, *.EML and *.TXT files, scans them and gets the strings with e-mail addresses.

Spreading via Local Network

The worm enumerates shares on the network and tries to copy itself to one of the following folders under the name WINMGM32.EXE:
Windows\All Users\Start Menu\Programs\StartUp\
Documents and Settings\All Users\Start Menu\Programs\Startup\

etc.

Regards, HH
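
The message properties listed in the reply above can be checked mechanically on a mail gateway or against saved .eml files. The following is an added example, not part of the thread or of the AVP description. It matches only the subjects and attachment names quoted above; the sender is left out because the address is not legible on this page, and the function names, the sample addresses and the rule that any other .pif attachment is also flagged are assumptions of this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from the description quoted in the thread.
SUBJECTS = {"re: movies", "re: sample", "re: document", "re: here is that sample"}
ATTACHMENTS = {"movie_0074.mpeg.pif", "document003.pif", "untitled1.pif", "sample.pif"}


def sobig_indicators(raw: bytes) -> list[str]:
    """Return the reasons a raw RFC 5322 message matches the description."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    # Collapse whitespace and case so "RE: Movies" and "Re: Movies" compare equal.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in SUBJECTS:
        hits.append("subject:" + subject)
    for part in msg.walk():
        # get_filename() also decodes RFC 2231 / encoded-word file names.
        name = (part.get_filename() or "").strip().lower()
        if not name:
            continue
        if name in ATTACHMENTS:
            hits.append("attachment:" + name)
        elif name.endswith(".pif"):
            # Assumption of this example: any other .pif attachment is flagged too,
            # since .pif files are executed by Windows when opened.
            hits.append("pif-attachment:" + name)
    return hits


def build_sample(subject: str, filename: str) -> bytes:
    """Constructed test message; addresses and payload are placeholders."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = subject
    m.set_content("Attached file:")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, fname in [("Re: Sample", "Sample.pif"), ("Minutes", "notes.txt"),
                        ("Hello", "Holiday.JPG.PIF")]:
        print(subj, "|", fname, "->", sobig_indicators(build_sample(subj, fname)))
```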