The Computer Guys

Miami to Fort Lauderdale Since 1994 - Thank You!

 

 

We Build the Best & Repair the Rest! ©

 

Alerts July 2003

FAQ Search Virus Alerts Hardware Faqs

 

 

March 2004
August 2004
November 2004
October 2004
April 2004
July 2004
Virus Alert Calendars
May 2004
September 2004
June 2004
January 2004
February 2004
Alerts 2003
Alerts Jan 2004
Alerts Feb 2004
Alerts March 2004
Alerts April 2004
Alerts Top 10 May 2004
Alerts Top10 June 2004
Alerts Top 10 July 2004
Alerts August 2004
Alerts September 2004
Alerts Oct 2004
Alerts November 2004
Alerts December 2004

 

 

 

April 2003 Alerts 2002 Alert Jan 2003 Alert February 2003 Alerts March 2003 Alerts April 2003 Alerts May 2003 Alerts June 2003 Alerts July 2003 Alerts August 2003 Alerts September 2003 Alerts October 2003 Alerts November 2003 Alerts December 2003

 

 

 

 

Our VIRUS Alert Post  2003

          Here you will find recent virus alerts...

 

Top ten viruses reported to Sophos in July 2003

Position Last
month		 Virus Percentage of reports
1 New W32/Sobig-E
   47.8%
2 1 W32/Bugbear-B
   11.0%
3 3 W32/Klez-H
   5.9%
4 Re-entry W32/Sobig-A
   2.7%
5 New W32/Parite-B
   0.9%
6 3 W32/Sobig-B
   0.9%
7 New W32/Ganda-A
   0.8%
8 8 W32/Opaserv-G
   0.7%
9 New W32/Sobig-D
   0.7%
10 New W95/Dupator
   0.7%
Others 27.9%

 

This section helps you to understand how it behaves
This worm arrives via email and attempts to travel via network shares. The worm sends itself as an attachment to email addresses collected from infected computers.

A typical email has the following format:

Subject line:
Re: Application
or
Re: Movie

Message text:
Please see the attached zip file for details

Attached file:
your_details.zip (containing details.pif)

W32/Sobig-E may spoof the From field of the sent emails using the email address support@yahoo.com or addresses collected from the user's computer.

When run W32/Sobig-E copies itself into the Windows folder as winssk32.exe and sets the following registry entries:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SSK Service
= <Windows folder>\winssk32.exe
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SSK Service
= <Windows folder>\winssk32.exe

Like previous variants W32/Sobig-E attempts to spread in Windows shares by copying itself into the following folders on shares:

Windows\All Users\Start Menu\Programs\StartUp\
Documents and Settings\All Users\Start Menu\Programs\Startup\

W32/Sobig-E will not spread if the date is 14th July or later
 

 
This web is optimized for 800 x 600 monitor resolution or above and the latest web browser.  Get the latest IE or Netscape web browser. (you need to connect to the internet first)

 

 

Copyright © 1998 The Computer Guys

 Back Home Up Next