- August 6, 2003
- February 13, 2007 12:04:48 PM
Also Known As:
- I-Worm.Sowsat.f [KAV]
W32.Sowsat.B@mm is a mass-mailing worm that spreads by using its own SMTP engine. The email will have variable subjects and variable attachment names. The attachment should have a .exe file extension.
An email claiming to be from Symantec was spammed to a large number of individuals in an attempt to get users to download and execute this worm. Please see the Additional information section for details.
W32.Sowsat.B@mm is written in Borland Delphi and is packed with UPX.
In August 2003, Symantec Security Response received reports that an individual was sending email that claims to be from Symantec in order to get the recipient to download and execute this worm.
The email has the following characteristics:
From: Symantec.Brasil [firstname.lastname@example.org]
Subject: Cuidado com sues e-mails
The email may appear as the following:
Antivirus Protection Dates
- Initial Rapid Release version: August 7, 2003
- Latest Rapid Release version: March 23, 2017 revision 037
- Initial Daily Certified version: August 7, 2003
- Latest Daily Certified version: March 23, 2017 revision 041
- Initial Weekly Certified release date: August 13, 2003
Writeup By: Scott Gettis