Type
Virus
Aliases
Net-Worm.Win32.Bobic.d
W32.Bobax.Z@mm
W32.Proxed
W32/Bobax-N is an email virus for the Windows platform.
W32/Bobax-N has the ability to infect executable files.
W32/Bobax-N can send itself to email addresses harvested from the infected computer.
W32/Bobax-N attempts to contact a number of preconfigured internet sites in order to report successful infection.
Emails sent by the worm have the following characteristics:
Subject line:
Cool
Captured..
He has been captured..
Finally! Captured
Finally
God Bless the USA!
Message text (chosen from):
Saddam Hussein - Attempted Escape, Shot dead
Attached some pics that i found
Osama Bin Laden Captured.
Attached some pics that i found
Testing
Secret!
Hey,
Remember this?
Hello,
Long time! Check this out!
Hey,
I was going through my album, and look what I found..
Hey,
Check this out
+++ Attachment: No Virus found
+++ Panda AntiVirus - You are protected
+++ www.pandasoftware.com
+++ Attachment: No Virus found
+++ Norman AntiVirus - You are protected
+++ www.norman.com
+++ Attachment: No Virus found
+++ F-Secure AntiVirus - You are protected
+++ www.f-secure.com
+++ Attachment: No Virus found
+++ Norton AntiVirus - You are protected
+++ www.symantec.com
"Turn on your TV.
Osama Bin Laden has been captured.
While CNN has no pictures at this point of time, the military channel (PPV) rele
ased some pictures.
I managed to capture a couple of these pictures off my TV.
Ive attached a slideshow containing all the pictures I managed to capture.
I apologize for the low quality, its the best I could do at this point of time.
Hopefully CNN will have pictures and a video soon.
God bless the USA!"
Possible attached filename stubs:
pics
funny
bush
joke
secret
Possible attached file extensions:
pif
exe
scr
zip
W32/Bobax-N also attempts to disable the Windows firewall and attempts to suppress Windows security warnings.
http://www.sophos.com/virusinfo/analyses/w32bobaxn.html