This is a mass-mailing worm that also spreads over network shares. The worm search through local files and address books for email addresses to send itself to. When it infects a host, the worm attempts to download a file from www.geocities.com. This file is at the moment just a text file containing an URL reference to another file located at another server in the US. This second file is a backdoor Trojan, which will be downloaded and executed by the worm.

Norman's customers have been protected since 10 January by the Sobig.A@mm

We will continue to follow the current situation carefully.

Users are encouraged to update their Norman Virus Control protection to the most recent version.

For more detailed Information about this threat visit: www.norman.com

For further information, please contact

Norman ASA, VP Marketing Audun Lødemel, tel.+47 67 10 97 79, mob. +47 934 465 31