You are here

HomeDennis Faas › W32.sobig.b@mm.html email worm virus removal

W32.sobig.b@mm.html email worm virus removal

Dennis Faas's picture
by Dennis Faas on May, 20 2003 at 08:05AM EDT

Today I received well over 200 virus-infected emails, courtesy of the W32.sobig.b@mm.html and Friendship Screensaver worm / virus.

So, why do I get bombarded with email viruses more than the average Joe?

The answer to my dilemma is compound. Since literally thousands of users have emailed me in the past ... and because mail programs such as Outlook / Outlook Express automatically save contacts [email addresses] once mail has been replied to, ... and and because most email viruses propagate through email Contact Lists: my email addresses have been become exceptionally targeted by email worms.

Lucky me.

Details about the W32.sobig.b@mm.html Virus

W32.sobig.b@mm.html propagates by email and network shares. The worm arrives with a file attachment, supposedly from support@microsoft.com.

Note, however, that the email isn't really from Microsoft: this information has been falsified by the virus. You should never open an email attachment unless you specifically asked for a file and you recognize the source.

W32.sobig.b@mm.html email may use the following subject lines:

  • Your details
  • Approved (Ref: 38446-263)
  • Re: Approved (Ref: 3394-65467)
  • Your password
  • Screensaver
  • Re: My details
  • Cool screensaver
  • Re: Movie
  • Re: My application

W32.sobig.b@mm.html also has aliases

According to Symantec, the W32.sobig.b@mm.html is also known as: W32.HLLW.Mankx@mm, W32/Palyh@MM [McAfee], W32/Palyh-A [Sophos], I-Worm.Palyh [KAV], WORM_PALYH.A [Trend], or Win32.Palyh.A [CA].

How to avoid infection

Do not open / execute any email attachment that you do not recognize. For additional protection, firewall and anti-virus software are recommended. See "Free anti-virus and anti-hacker software" (below) for further detail.

Virus propagation and payload

The worm propagates by sending itself to email addresses found on an infected machine. The only threat is large-scale emailing, which generally slows Internet response and clogs mailboxes (sound familiar?).

Removal and Additional Information

Symantec Security Response has provided a free-to-use tool to remove W32.Sobig.B@mm. Sophos.com provides very easy-to-follow instructions for manual removal (see "Recovery"). In-depth information about this worm can be found online the Symantec web site:

http://securityresponse.symantec.com

RE: Free Anti-Virus and Anti-Hacker Software

A little while back, I put together a report on How to Stop Hackers and Viruses -- all without the need to spend a penny. The report is used to entice users to subscribe to this newsletter and contains links to free anti-virus and anti-hacker firewall software:

http://www.infopackets.com/hacking+hackers+hack.htm

Filed under:
Security
| Tags:
free anti-virus
,
email addresses
,
worm
,
sobig
,
html
,
software
,
w32
,
mm
,
symantec
Rate this article: 
No votes yet
Need Help? Ask!



My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).

We are BBB Accredited

We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.