1. Symantec/
  2. Security Response/
  3. W32.Sowsat.B@mm


Risk Level 2: Low

August 6, 2003
February 13, 2007 12:04:48 PM
Also Known As:
I-Worm.Sowsat.f [KAV]
Systems Affected:

W32.Sowsat.B@mm is a mass-mailing worm that spreads by using its own SMTP engine. The email will have variable subjects and variable attachment names. The attachment should have a .exe file extension.

An email claiming to be from Symantec was spammed to a large number of individuals in an attempt to get users to download and execute this worm. Please see the Additional information section for details.

W32.Sowsat.B@mm is written in Borland Delphi and is packed with UPX.

In August 2003, Symantec Security Response received reports that an individual was sending email, which claims to be sent from Symantec, to get the recipient to download and execute this Worm.

The email has the following characteristics:

From: Symantec.Brasil [symantec.brasil@uol.com.br]
Subject: Cuidado com sues e-mails

The email may appear as the following:

Antivirus Protection Dates

  • Initial Rapid Release version August 7, 2003
  • Latest Rapid Release version March 23, 2017 revision 037
  • Initial Daily Certified version August 7, 2003
  • Latest Daily Certified version March 23, 2017 revision 041
  • Initial Weekly Certified release date August 13, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Scott Gettis

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube