Sober Worm Variant Makes The Rounds

edited May 2005 in Science & Tech
A new variant of the mass-mailing Sober worm has been discovered and is spreading among consumer PC users, security experts said Monday.
Sober.P, which operates in a similar fashion to other Sober worms, uses a subject header in an e-mail to try to entice people into opening an attachment. The virus then harvests e-mail addresses from the victim and directs a barrage of spam to those addresses.

"The social engineering has been very effective," said Craig Schmugar, virus research manager for McAfee Avert. "They will use German messages for German Windows users. They tell them they've won tickets to the World Cup, and that has been an effective (ploy) for that region."

The variant also has been compressed to make it more difficult for security software to identify when scanning a system, Schmugar said.
Source: c|net

Comments

  • profdlp The Holy City Of Westlake, Ohio
    edited May 2005
    Someone I never heard of just sent it to me 2 hours ago.
    email text: ok ok ok,,,,, here is it

    Attachment: our_secret.zip
    I smelled a rat and did not try to unzip the file.

    AVG did not catch it with the definitions dated April 29, 2005. When I ran the update and got the definitions dated May 2, 2005 (Virus Base 266.11.2) it picked it right up.

    If you use AVG you should update it now. :cool:
  • Kwitko Sheriff of Banning (Retired) By the thing near the stuff Icrontian
    edited May 2005
    Fortunately my spam filter renders these attachments nothing more than harmless text. If it weren't for that, my office would find a way to infect themselves in spite of the AV protection. They would certainly take advantage of the few hour window between updates. They're idiots. Idiots, I tells ya!!
  • profdlp The Holy City Of Westlake, Ohio
    edited May 2005
    Just had another one come in. This time my ISP (Adelphia) filtered it out before it got to me.
  • HeartSmasherElite Microsoft OS Tech Support
    edited May 2005
    Cool, I hope everyone here has their auto update on for AVG or else :shakehead :rarr: will be burning in its wrath
  • QCH Ancient Guru Chicago Area - USA Icrontian
    edited May 2005
    I've gotten 7 of them since last night. Running rampant... I know some idiot in our org. will open it. Someone always does. :rolleyes:
  • edited May 2005
    We've been getting a deluge of them in our organization too. So far so good although it's only a matter of time before we get an infection given the volume of them we've been receiving.