Virus name: Sobig.F
Origins: Sobig.F is the latest variant of yet another mass-mailing worm which exploits a vulnerability in the Microsoft Outlook e-mail client on Windows 95, 98, ME, NT, 2000, and XP platforms to replicate itself by mailing out messages with forged return addresses. The payload is contained in attachments to messages bearing one of the following subject lines:
- My Details
- Your Details
- Thank you!
- That movie
- Approved
- Application
- Wicked screensaver
- Re: My Details
- Re: Your Details
- Re: Thank you!
- Re: That movie
- Re: Details
- Re: Approved
- Re: Your application
- Re: Wicked screensaver
The file name of the infected attachment will match one of the following:
- wicked_scr.scr
- movie0045.pif
- your_document.pif
- document_all.pif
- thank_you.pif
- your_details.pif
- details.pif
- document_9446.pif
- application.pif
Trend Micro provides a
Additional Information:
 | WORM_SOBIG.F (Trend Micro) |
Last updated: 29 January 2008
