Sophos

W32/Bobax-S

Aliases
  • W32.Bobax.AH@mm

Summary

 
How it spreads
  • Email attachments
  • Infected files
Affected operating systems: Windows
Characteristics
  • Drops more malware
Included in our products from: November 2005 (3.99)
Protection available since: 10 September 2005 15:27:12 (GMT)
Last updated: 4 October 2005 10:27:55 (GMT)
Detected by: All Sophos products

Action

More Information

W32/Bobax-S is an email and network worm for the Windows platform.

W32/Bobax-S can send itself to email addresses harvested from the infected computer and spread to other computers by exploiting the PNP (MS05-039) vulnerability.

W32/Bobax-S attempts to contact a number of preconfigured internet sites in order to report successful infection.

Emails sent by the worm have the following characteristics:

Subject line:

Cool

Message text taken from:

Saddam Hussein - Attempted Escape, Shot dead
Attached some pics that i found

Osama Bin Laden Captured.
Attached some pics that i found

Testing

Secret!

Hey,
Remember this?

Hello,
Long time! Check this out!

Hey,
I was going through my album, and look what I found..

Hey,
Check this out :-)

+++ Attachment: No Virus found
+++ Panda AntiVirus - You are protected
+++ www.pandasoftware.com

+++ Attachment: No Virus found
+++ Norman AntiVirus - You are protected
+++ www.norman.com

+++ Attachment: No Virus found
+++ F-Secure AntiVirus - You are protected
+++ www.f-secure.com

+++ Attachment: No Virus found
+++ Norton AntiVirus - You are protected
+++ www.symantec.com

Possible attachment filenames:

pics.1
funny.1
bush.1
joke.1
secret.2

Possible attachment extensions:

pif
exe
scr
zip

The worm injects code into the explorer process in an attempt to evade firewalls. W32/Bobax-S may also be used as an email proxy or relay, allowing remote users to route email anonymously through the infected computer.
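The email characteristics listed above can be expressed as a mail-gateway check. The following is an added example, not Sophos code: it assumes the attachment name is formed as `<filename>.<extension>` (for example `pics.1.pif`), and the function names and sample message are constructed for illustration.

```python
import re
from email import message_from_string

# Indicators copied from the description above.
BASENAMES = {"pics.1", "funny.1", "bush.1", "joke.1", "secret.2"}
EXTENSIONS = {"pif", "exe", "scr", "zip"}
FAKE_FOOTER = re.compile(
    r"^\+\+\+ Attachment: No Virus found\s*\n"
    r"\+\+\+ (Panda|Norman|F-Secure|Norton) AntiVirus - You are protected",
    re.MULTILINE)

def attachment_matches(filename):
    # Assumption: the final name is "<basename>.<extension>", e.g. pics.1.pif
    base, _, ext = filename.lower().rpartition(".")
    return base in BASENAMES and ext in EXTENSIONS

def score_message(raw):
    """Return the list of indicators found in one raw RFC 822 message."""
    msg = message_from_string(raw)
    hits = []
    if (msg.get("Subject") or "").strip().lower() == "cool":
        hits.append("subject")
    for part in msg.walk():
        name = part.get_filename()
        if name and attachment_matches(name):
            hits.append("attachment:" + name)
        elif part.get_content_type() == "text/plain":
            body = (part.get_payload(decode=True) or b"").decode("latin-1")
            if FAKE_FOOTER.search(body.replace("\r\n", "\n")):
                hits.append("fake-av-footer")
    return hits

# Constructed sample message (placeholder attachment bytes), not a real capture.
SAMPLE = (
    "Subject: Cool\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="B"\n\n'
    "--B\nContent-Type: text/plain\n\n"
    "Hey,\nCheck this out :-)\n\n"
    "+++ Attachment: No Virus found\n"
    "+++ Norman AntiVirus - You are protected\n+++ www.norman.com\n"
    "--B\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="pics.1.pif"\n'
    "Content-Transfer-Encoding: base64\n\nAAAA\n--B--\n"
)

if __name__ == "__main__":
    print(score_message(SAMPLE))
```

A subject match on its own is a weak signal; the combination of a listed attachment name with the fake scanner notice is the more reliable one.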

A patch for the vulnerability exploited by W32/Bobax-S is available from:

MS05-039
