|Subject:||How does Sobig.E infect?|
|Date:||27 Jun 2003|
I'm trying to figure out what exploit W32.Sobig.E@mm uses to
establish its infection. Since it's in a ZIP file, i don't
understand how the payload gets executed. Do some MS mail
readers automatically open ZIP attachments and run whatever's
in them? Is there a ZIP-related vulnerability that allows
code execution from an infected archive? Or does the worm
rely on people manually opening the ZIP file, and running
the enclosed PIF files explicitly?
Sorry if this is a dumb question, but all the reports i've
read about this worm skirt around the issue. Thanks...