Posted on 05/04/2005 5:16:08 PM PDT by Las Vegas Dave
Virus Name: W32/Sober.p@MM
Risk Assessment: Corporate User: Low-Profiled; Home User: Medium

Virus Information
Discovery Date: 05/02/2005
Origin: Unknown
Length: 53,727 bytes (zip); 53,554 bytes (executable)
Type: Virus
SubType: E-mail
Minimum DAT: 4443 (03/09/2005)
Updated DAT: 4482 (05/02/2005)
Minimum Engine: 4.3.20
Description Added: 05/02/2005
Description Modified: 05/02/2005 3:59 PM (PT)
Virus Characteristics:
-- Update 2nd May 13:00 PST --
Due to increased prevalence, this threat has had its risk assessment raised to MEDIUM for Home Users.
If you think that you may be infected with Sober.p, and are unsure how to check your system, you may download the Stinger tool to scan your system and remove the virus if present. This is not required for McAfee users, as McAfee products are capable of detecting and removing the virus with the latest update (see the removal instructions below for more information).
Note: Receiving an email alert stating that the virus came from your email address is not an indication that you are infected as the virus often forges the from address.
This threat is proactively detected with the 4443 DAT files, or newer, as W32/Sober.gen@MM.
This threat arrives in an email message with one of the following attachment names:
account_info.zip
autoemail-text.zip
LOL.zip
Fifa_Info-Text.zip
mail_info.zip
okTicket-info.zip
our_secret.zip
_PassWort-Info.zip

Inside the ZIP archive is a file named winzipped-text_data.txt .pif
Like many Sober variants, this variant uses several different email messages randomly, in either English or German depending on the version of Windows. One such German message states that the recipient has won tickets to the World Cup:
Subject: WM-Ticket-Auslosung
Body:
Herzlichen Glueckwunsch,
beim Run auf die begehrten Tickets für die 64 Spiele der Weltmeisterschaft 2006 in Deutschland sind Sie dabei.
Weitere Details ihrer Daten entnehmen Sie bitte dem Anhang.
Ihr "ok2006" Team St. Rainer Gellhaus
--- FIFA-Pressekontakt:
--- Pressesprecher Jens Grittner und Gerd Graus
--- FIFA Fussball-Weltmeisterschaft 2006
--- Organisationskomitee Deutschland
--- Tel. 069 / 2006 - 2600
--- Jens.Grittner@ok2006.de
--- Gerd.Graus@ok2006.de
An example of a randomly generated English message is as follows:
Subject: Your Password
Body:
Account and Password Information are attached!
Visit: http://www. {sender's domain}
*** AntiVirus: No Virus found *** "{recipient's domain} " Anti-Virus *** http://www. {recipient's domain}
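The attachment pattern the advisory describes (a listed ZIP name wrapping a file whose visible ".txt" is followed by a real ".pif" extension) can be checked at a mail gateway by reading archive member names without extracting anything. The following is an added example, not part of the advisory or of this thread; the function names, the set of executable extensions and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Attachment names listed in the advisory quoted above (compared case-insensitively).
SOBER_P_ATTACHMENTS = {
    "account_info.zip", "autoemail-text.zip", "lol.zip", "fifa_info-text.zip",
    "mail_info.zip", "okticket-info.zip", "our_secret.zip", "_passwort-info.zip",
}
# Extensions Windows runs directly; this set is an assumption of the example.
EXECUTABLE_EXTS = {"pif", "exe", "scr", "com", "bat", "cmd"}
# Decoy extension, any amount of whitespace padding, then the real extension.
DOUBLE_EXT = re.compile(r"\.([a-z0-9]{1,4})\s*\.([a-z0-9]{1,4})\s*$", re.I)


def is_disguised_executable(member_name):
    """True if the name ends in '<decoy ext><optional spaces>.<executable ext>'."""
    m = DOUBLE_EXT.search(member_name)
    if not m:
        return False
    decoy, real = m.group(1).lower(), m.group(2).lower()
    return real in EXECUTABLE_EXTS and decoy not in EXECUTABLE_EXTS


def scan_attachment(filename, data):
    """Return findings for one attachment; only member names are read."""
    findings = []
    if filename.lower() in SOBER_P_ATTACHMENTS:
        findings.append("attachment name listed for W32/Sober.p@MM")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                if is_disguised_executable(name):
                    findings.append("disguised executable in archive: %r" % name)
    except zipfile.BadZipFile:
        findings.append("not a readable ZIP archive")
    return findings


def make_sample_zip(member_name):
    """Constructed sample: a ZIP holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder, not malware")
    return buf.getvalue()


if __name__ == "__main__":
    sample = make_sample_zip("winzipped-text_data.txt .pif")
    for finding in scan_attachment("mail_info.zip", sample):
        print(finding)
```

The filename list only matches this variant, while the double-extension check is generic and also flags names such as report.doc.scr.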
(I hope all virus-mongers and spyware iceholes rot in hell.)
:P
can anyone explain this to me... I received about 20 of these in the last 48 hours and I never, never get spam.
I can't complain too much about them; between them and my idiot users (who despite all warnings and some beatings continue to open unexpected attachments and follow links to websites blindly), they keep me in business.
Microsoft Windows and the virus/adware/spyware writers - the IT Industry's Full Employment Act.
(Of course, I use Mac OS X at home, on my laptop, and on my personal servers, so I don't have to worry about that when I get home.) :)
Not this time, but all that means is that it was spoofing the sender from lists found on your friends' machines, and your name and addy won the lottery.
Only drugfree p. can keep you out of trouble.
My daughter-in-law in Canada told me she got several of these today. She didn't open them.
If I wanted to look at that, I could have stayed with the old Apple IIE we had in high school.
[snif] Brings back memories of that old Kaypro I used in college. [sigh]
That refreshes my memory of the old days of MS-DOS without Windows. Long ago I used to write my own Autoexec.bat and now I am scared that my skills have faded away by the influence of GUI. :)
Ah, the bliss of using a MAC...
LOL!
Sshhhh... there is balance in all things. I like listening to cocky mac and *nix folk. No habits of update and patch. No antivirus running on nearly any system.
Someday... the same worm will take 'em all down at once, and we can be there to lick the delicious tears of sadness. /cartman. :-)
That is approximately what my email from BLUECROSS(es?) said!
Wow. If Monsieur is that desperate for abuse, may I suggest ze Windows? It is particularly tender this evening.
No - may have to check that out. I'm dealing with about 20 servers under Micro$oft and a half-dozen Netware boxes. Symantec was the choice because Somebody liked the central console interface. That's the basis under which I'm trying to sell Trend to the boss...
I've never had a virus myself using Windows, and I don't have to know how to build all the software in order to run it.
I'm a driver, not a mechanic, but whatever makes you happy.
I've seen some *very* weird things happen with Trend Micro corporate antivirus stuff - strange incompatibilities, crashes, that sort of thing; not all that common, but it's happened to my clients enough times to make me leery. I'd still take TM over Symantec over McAfee, though.
Check out Grisoft's offerings - www.grisoft.com. Their stuff is less user-friendly than Symantec, but it takes a lot less horsepower to run, has a much better automatic update and detection system, and the automatic scheduled system scan can run in the background on more powerful machines without much of a speed hit.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.