WelcomeEnterpriseSmall BusinessHome & Home OfficePartnersAbout Symantec
August 21, 2003
Intruder Alert 3.6 W32_SobigF_Worm Policy

This policy detects the propagation of the W32.SobigF.Worm through changes in the registry.

W32.Sobig.F@mm is a mass-mailing, network-aware worm that sends itself to all the email addresses it finds in various files. The worm uses its own SMTP engine to propagate and attempts to create a copy of itself on accessible network shares, but fails due to bugs in the code.

Download ITA W32_SobigF_Worm Policy

Affected Platforms

Windows 2000
Windows NT


This policy detects activity of W32.SobigF.Worm on an affected system.

Policy Rules include:

  • W32_SobigF_Registry_Activity
    This rule detects the changes in the registry associated with the W32.SobigF Worm.

Last modified on: Thursday, 21-Aug-2003 18:37:28 PDT