Posted on 05/04/2005 5:16:08 PM PDT by Las Vegas Dave
Virus Name: W32/Sober.p@MM
Risk Assessment: Corporate User: Low-Profiled; Home User: Medium

Virus Information
Discovery Date: 05/02/2005
Origin: Unknown
Length: 53,727 bytes (zip); 53,554 bytes (executable)
Type: Virus
SubType: E-mail
Minimum DAT: 4443 (03/09/2005)
Updated DAT: 4482 (05/02/2005)
Minimum Engine: 4.3.20
Description Added: 05/02/2005
Description Modified: 05/02/2005 3:59 PM (PT)
Virus Characteristics:
-- Update 2nd May 13:00 PST -- Due to increased prevalence, this threat has had its risk assessment raised to MEDIUM for Home Users.
If you think that you may be infected with Sober.p, and are unsure how to check your system, you may download the Stinger tool to scan your system and remove the virus if present. This is not required for McAfee users as McAfee products are capable of detecting and removing the virus with the latest update. (see the removal instructions below for more information).
Note: Receiving an email alert stating that the virus came from your email address is not an indication that you are infected as the virus often forges the from address.
This threat is proactively detected with the 4443 DAT files, or newer, as W32/Sober.gen@MM.
This threat arrives in an email message with one of the following attachment names:
account_info.zip
autoemail-text.zip
LOL.zip
Fifa_Info-Text.zip
mail_info.zip
okTicket-info.zip
our_secret.zip
_PassWort-Info.zip

Inside the ZIP archive is a file named winzipped-text_data.txt .pif
Like many Sober variants, this variant uses several different email messages randomly, in either English or German depending on the version of Windows. One such German message states that the recipient has won tickets to the worldcup:
Subject: WM-Ticket-Auslosung (World Cup ticket draw)
Body: Congratulations,

In the race for the coveted tickets to the 64 matches of the 2006 World Cup in Germany, you are in.

Please see the attachment for further details of your data.

Your "ok2006" Team, St. Rainer Gellhaus

--- FIFA press contact: --- Press spokesmen Jens Grittner and Gerd Graus --- FIFA Football World Cup 2006 --- Organizing Committee Germany --- Tel. 069 / 2006 - 2600 --- Jens.Grittner@ok2006.de --- Gerd.Graus@ok2006.de
An example of a randomly generated English message is as follows:
Subject: Your Password
Body: Account and Password Information are attached!

Visit: http://www. {sender's domain}

*** AntiVirus: No Virus found *** "{recipient's domain} " Anti-Virus *** http://www. {recipient's domain}
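The advisory above gives two things a mail gateway can key on: the fixed list of attachment names, and the inner file name winzipped-text_data.txt .pif, where a harmless-looking .txt extension is padded with spaces in front of the real .pif executable extension. The following is an added example, not code from McAfee or from the poster, showing how a filter could flag both. The executable-extension set and the document-extension list are my own assumptions; the zip built in build_sample_zip is a constructed fixture holding inert text, not the actual payload.

```python
"""Added example (not from the advisory or the forum post): screen a ZIP
attachment for the disguised-executable naming trick the Sober.p advisory
describes, and for attachment names on the advisory's list."""
import io
import re
import zipfile

# Attachment names listed in the advisory for this variant.
KNOWN_ATTACHMENT_NAMES = {
    "account_info.zip", "autoemail-text.zip", "LOL.zip", "Fifa_Info-Text.zip",
    "mail_info.zip", "okTicket-info.zip", "our_secret.zip", "_PassWort-Info.zip",
}

# Assumed set of extensions Windows treats as executable whatever precedes them.
EXECUTABLE_EXTENSIONS = {"pif", "exe", "scr", "com", "bat", "cmd", "vbs", "js"}

# A "document" extension, then one or more spaces, then a real executable extension
# at the very end of the name, e.g. "winzipped-text_data.txt .pif".
DISGUISED_EXT_RE = re.compile(
    r"\.(?:txt|doc|pdf|htm|html|jpg|gif)\s+\.("
    + "|".join(EXECUTABLE_EXTENSIONS) + r")$",
    re.IGNORECASE,
)


def classify_member(name: str) -> str:
    """Return why an archive member is suspicious, or '' if it looks benign."""
    if DISGUISED_EXT_RE.search(name):
        return "disguised executable (document extension padded before a real executable extension)"
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext in EXECUTABLE_EXTENSIONS:
        return f"executable content (.{ext}) inside a zip attachment"
    return ""


def scan_attachment(filename: str, data: bytes) -> list:
    """Collect findings for one attachment: name-list hit, then per-member checks."""
    findings = []
    if filename in KNOWN_ATTACHMENT_NAMES:
        findings.append(f"attachment name {filename!r} matches the Sober.p list")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                reason = classify_member(info.filename)
                if reason:
                    findings.append(f"{info.filename!r}: {reason}")
    except zipfile.BadZipFile:
        findings.append("attachment is not a valid zip archive")
    return findings


def build_sample_zip(member_name: str) -> bytes:
    """Constructed fixture: a zip holding one inert text member under the given name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "placeholder content, not the real payload")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip("winzipped-text_data.txt .pif")
    for line in scan_attachment("okTicket-info.zip", sample):
        print("BLOCK:", line)
    print(scan_attachment("report.zip", build_sample_zip("notes.txt")))
```

The name list is the weakest check, since the next variant will use different names; the member-name check is what generalizes, because the padded-extension trick only works if the real extension is last, so a regex anchored at the end of the name catches it regardless of what the decoy extension is.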
You mean like the automatic update and patch system that's enabled by default on all Mac OS X systems? :-P
If you're running Linux, may I suggest clamav?
I just had one email that had 12 of these in it alone, and have had over a dozen emails each day for the last several days with that virus in it. It gets past the Earthlink virus scan filter but Norton catches it.
In about 10 minutes my mail had a whole bunch of them, all from different addresses so I just dumped them all without looking. I figured something was going on.
I have really good spyware and a good virus program so I wasn't worried, and I didn't open them anyhow. But I guess we are going to see these for a while. What a pain. What is the point with these people?
I've gotten some that are actually executables in the body of my email message. I caught one and tried to dissect it, but lacking the proper tools, I finally nuked it. Just opening that email would have launched it. Despicable things. It was probably a keystroke logger that would report back to its master in an attempt to harvest financial userIDs and passwords.
It needs patches? How come? :-)
Don't get me wrong... I'm a big Mac-Head from OS 5 on my old Mac SE. I still have a powerbook 520c around here somewhere... and I support lots of macs at work. I love 'em.
I just don't get all strung out on the OS wars. I like them all for various reasons, and there's nothing inherently wrong with any of them. It's how people use them that matters.
Will they also execute in the preview pane, or does the email actually have to be opened in its own separate window (i.e. double-clicked versus single-clicked)?
This frustrates the hell out of me that it has come to this. I'd go on, but it would just degenerate into insults and profanity. :-)
I've been getting them for about 3 days. Norton caught the first one and I've been deleting the rest; it's about 8 to 10 a day so far.
I know a lot of windows bigots who are waiting for the same thing. ...and waiting... and waiting... and waiting...
Depends upon what you use your computer for. Describe your requirements, and I can tell you if what you need is available with a standard distribution without much tweaking.
Stay tuned... :-)
...and I'm not a Windows bigot.
There's a steep learning curve associated with gaining a thorough comprehension of the operating system (historically, Linux has been targeted more toward people who needed a powerful system more than a user-friendly one), but if you are planning on using email, word processing, etc., you won't need to know any more than you need to know to run Windows.
If you want to try out a linux variant without installing anything, you can run it on a live-cd and it will load itself into ram without ever affecting your system.
Personally, I started using Linux in 8th grade, and have been using Windows less and less until last year I got rid of it altogether. It just can't do what I can do on Linux. (And I'm also paranoid about people taking over my machine.)
Your impression of Linux sounds like it is about eight years dated. Builds now pretty much autodetect everything.
Most Linux distributions are now so easy to install it is amazing. Pretty much just have to download or otherwise obtain them, hit "install" and "Presto" you have a dual-boot system with hardware autodetected. I love FEDORA and have not had to 'tweak' it at all. From there, you can choose the system you want to boot into, and discover Linux at your leisure. My daughter almost always chooses Linux nowadays, and I exclusively use it for internet activities.
I also use KNOPPIX oft-times ... it is run completely off the CD-ROM drive, and won't touch your hard drive at all until and unless you make it so. It is a great diagnostic tool.