[PBARC] High Risk Virus Alert
E. Glenn Wolf, Jr.
[email protected]
Tue, 19 Aug 2003 21:54:54 -0500
++++++++++++++++++++++++++++++++++++++++++++++++++
WinProxy and eShield Virus Alert
HIGH RISK VIRUS
++++++++++++++++++++++++++++++++++++++++++++++++++
Dear Ositis customer,
We have received several infection reports of this mass-mailing worm,
which propagates by mass-mailing copies of itself using its own Simple
Mail Transfer Protocol (SMTP) engine. It collects email addresses from
files with the following extensions:
* DBX
* HLP
* MHT
* WAB
* HTML
* HTM
* TXT
* EML
It sends out email messages with the following details:
Subject: <any of the following:>
Re: Thank you!
Thank you!
Re: Details
Re: Re: My details
Re: Approved
Re: Your application
Re: Wicked screensaver
Re: That movie
Message body: <any of the following:>
See the attached file for details.
Please see the attached file for details.
Attachment: <any of the following:>
your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
wicked_scr.scr
movie0045.pif
It may spoof the FROM field using email addresses found on the infected
machine so that its email messages appear to originate from one source
but were actually sent from another.
This worm deactivates its propagation routine on September 10, 2003.
This worm runs on Windows 95, 98, ME, NT, 2000, and XP.
Don't be a victim - make sure your virus definitions are up to date and
that your antivirus subscription is valid!
PATTERN FILE
WORM_SOBIG.F is detected by pattern file #618 or above from Trend Micro,
pattern file 3.67414 or above from Panda Software, pattern file
3.72.83542 and above from Sophos, and pattern file 4.2.60.78376 from
McAfee.
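
Added example (not part of the original alert or any vendor's code): a mail-gateway style check that parses a raw message and reports which of the subject, body and attachment-name indicators listed above it carries. The function name, the sample message and its addresses are constructed for illustration.

```python
from email import message_from_string

# Indicators copied from the alert above; compared case-insensitively.
SUBJECTS = {"re: thank you!", "thank you!", "re: details", "re: re: my details",
            "re: approved", "re: your application", "re: wicked screensaver",
            "re: that movie"}
BODIES = {"see the attached file for details.",
          "please see the attached file for details."}
ATTACHMENTS = {"your_document.pif", "document_all.pif", "thank_you.pif",
               "your_details.pif", "details.pif", "document_9446.pif",
               "application.pif", "wicked_scr.scr", "movie0045.pif"}

def match_alert(raw: str) -> list:
    """Return the alert indicators found in a raw message; From is ignored (spoofed)."""
    msg = message_from_string(raw)
    hits = []
    if " ".join((msg.get("Subject") or "").split()).lower() in SUBJECTS:
        hits.append("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if name in ATTACHMENTS:
            hits.append("attachment:" + name)
        elif not name and part.get_content_type() == "text/plain":
            # latin-1 never fails to decode; the indicator strings are ASCII.
            text = (part.get_payload(decode=True) or b"").decode("latin-1")
            if text.strip().lower() in BODIES:
                hits.append("body")
    return hits

# Constructed sample message (not a captured one); the payload is a placeholder.
SAMPLE = """\
From: sender@example.com
Subject: Re: Details
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See the attached file for details.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Details.PIF"

AAAA
--b1--
"""

if __name__ == "__main__":
    print(match_alert(SAMPLE))
```

The subject and body strings are generic enough to appear in legitimate mail, so an attachment-name hit is the stronger signal of the three.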