W32/Sobig.C@mm

W32/Sobig.C@mm	Destructivity: Spreading: Overall risk:

• Detected by virus detection files published: 6/1/2003	• Type: Worm
• Virus characteristics first published: 6/1/2003	• Spreading mechanism: Email
• Virus characteristics latest update: 4/2/2004	• Overall risk: High
• Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista

Virus type

Spreading
mechanism

Destructivity
and payload

Additional
descriptions

Detection
and removal

This is a new worm in the Sobig family.
When the attachment is executed the worm collects email addresses from various files types on the infected computer and sends itself to those addresses.

Norman's sandbox reports that the worm performs the following actions:

Creates the file mscvb32.exe in the computer's Windows directory.

Adds this value to the Registry keys so that the worm is run each time the computer is started.
HKLM/Software/Microsoft/Windows/CurrentVersion/Run
HKCU/Software/Microsoft/Windows/CurrentVersion/Run

Worm spreading over a network connection.

# - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z

VIRUSfighter

Microsoft Certified Partner

W32/Sobig.C@mm