SoBig is so prevalent, as sixth variant mass mails itself around the world
A new variant of the SoBig worm has been filling inboxes worldwide, after it was mass-mailed to millions of email addresses.
The worm arrives as a .Pif (Program Information file) attachment in emails with the headers:
Re: That movie
Re: Wicked screensaver
Re: Your application
Re: Approved
Re: Re: My details
Re: Details
Your details
Thank you!
The worm is 72,000 bytes. Once activated it copies itself to Windows as 'winppr32.exe' and edits the registry to ensure that it starts whenever the computer boots.
All email addresses on the PC are collected and are then sent copies of the worm using the worm's own SMTP engine.
Source:
http://www.vnunet.com/