Origins: Sobig.F is the latest variant of yet another mass-mailing worm which exploits a vulnerability in the Microsoft Outlook e-mail client on Windows 95, 98, ME, NT, 2000, and XP platforms to replicate itself by mailing out messages with forged return addresses. The payload is contained in attachments to messages bearing one of the following subject lines:
My Details
Your Details
Thank you!
That movie
Approved
Application
Wicked screensaver
Re: My Details
Re: Your Details
Re: Thank you!
Re: That movie
Re: Details
Re: Approved
Re: Your application
Re: Wicked screensaver
The file name of the infected attachment will match one of the following:
wicked_scr.scr
movie0045.pif
your_document.pif
document_all.pif
thank_you.pif
your_details.pif
details.pif
document_9446.pif
application.pif
Trend Micro provides a system cleaner on its web site which will remove Sobig.F.
