Posted on 05/04/2005 5:16:08 PM PDT by Las Vegas Dave
Virus Name: W32/Sober.p@MM
Risk Assessment: Corporate User: Low-Profiled; Home User: Medium
Virus Information
Discovery Date: 05/02/2005
Origin: Unknown
Length: 53,727 bytes (zip), 53,554 bytes (executable)
Type: Virus
SubType: E-mail
Minimum DAT: 4443 (03/09/2005)
Updated DAT: 4482 (05/02/2005)
Minimum Engine: 4.3.20
Description Added: 05/02/2005
Description Modified: 05/02/2005 3:59 PM (PT)
Virus Characteristics: -- Update 2nd May 13:00 PST -- Due to increased prevalence, this threat has had its risk assessment raised to MEDIUM for Home Users.
If you think that you may be infected with Sober.p, and are unsure how to check your system, you may download the Stinger tool to scan your system and remove the virus if present. This is not required for McAfee users as McAfee products are capable of detecting and removing the virus with the latest update (see the removal instructions below for more information).
Note: Receiving an email alert stating that the virus came from your email address is not an indication that you are infected as the virus often forges the from address.
This threat is proactively detected with the 4443 DAT files, or newer, as W32/Sober.gen@MM.
This threat arrives in an email message with one of the following attachment names:
account_info.zip
autoemail-text.zip
LOL.zip
Fifa_Info-Text.zip
mail_info.zip
okTicket-info.zip
our_secret.zip
_PassWort-Info.zip
Inside the ZIP archive is a file named winzipped-text_data.txt .pif
Like many Sober variants, this variant uses several different email messages randomly, in either English or German depending on the version of Windows. One such German message states that the recipient has won tickets to the World Cup:
Subject: WM-Ticket-Auslosung
Body:
Herzlichen Glueckwunsch,
beim Run auf die begehrten Tickets für die 64 Spiele der Weltmeisterschaft 2006 in Deutschland sind Sie dabei.
Weitere Details ihrer Daten entnehmen Sie bitte dem Anhang.
Ihr "ok2006" Team St. Rainer Gellhaus
--- FIFA-Pressekontakt:
--- Pressesprecher Jens Grittner und Gerd Graus
--- FIFA Fussball-Weltmeisterschaft 2006
--- Organisationskomitee Deutschland
--- Tel. 069 / 2006 - 2600
--- Jens.Grittner@ok2006.de
--- Gerd.Graus@ok2006.de
An example of a randomly generated English message is as follows:
Subject: Your Password
Body:
Account and Password Information are attached!
Visit: http://www. {sender's domain}
*** AntiVirus: No Virus found *** "{recipient's domain} " Anti-Virus *** http://www. {recipient's domain}
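A mail-gateway style check for the indicators the advisory lists, as an added example (not McAfee's code and not part of the original post): it flags the listed attachment names and any archive member whose executable extension sits behind a document extension, with any run of whitespace between them. The function names, the extension lists beyond .pif, and the constructed sample archive are assumptions for illustration.

```python
import io
import zipfile

# Attachment names quoted from the advisory, lowercased for comparison.
SOBER_P_ZIP_NAMES = {
    "account_info.zip", "autoemail-text.zip", "lol.zip", "fifa_info-text.zip",
    "mail_info.zip", "okticket-info.zip", "our_secret.zip", "_passwort-info.zip",
}
# .pif is the extension the advisory names; the rest are assumed additions.
EXECUTABLE_EXTS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd"}
DECOY_EXTS = (".txt", ".doc", ".pdf", ".jpg")  # assumed harmless-looking types


def disguised_executable(member_name):
    """True for names like 'x.txt   .pif': decoy extension, padding, real one."""
    base = member_name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    stem, dot, ext = base.rpartition(".")
    if not dot or "." + ext.strip() not in EXECUTABLE_EXTS:
        return False
    # Whitespace between the two extensions pushes the real one out of view.
    return stem.rstrip().endswith(DECOY_EXTS)


def inspect_zip_attachment(filename, data):
    """Return a list of findings for one ZIP attachment given as bytes."""
    findings = []
    if filename.lower() in SOBER_P_ZIP_NAMES:
        findings.append("attachment name listed for W32/Sober.p@MM")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for name in archive.namelist():  # names only, nothing is extracted
                if disguised_executable(name):
                    findings.append(f"disguised executable in archive: {name!r}")
    except zipfile.BadZipFile:
        findings.append("attachment is not a readable ZIP")
    return findings


def build_sample_zip(member_name):
    """Constructed sample: an in-memory ZIP holding one harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, b"harmless placeholder content")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip("winzipped-text_data.txt .pif")
    for finding in inspect_zip_attachment("our_secret.zip", sample):
        print(finding)
```

Because the worm forges sender addresses and varies its message text, the attachment structure is a steadier signal than the From line or subject.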
I received email today from BLUECROSS with a .zip file attached, I immediately deleted it!
I've received about 5 of these today.
I wonder if Sober will run under WINE.
ROTFL
I got about 150 - or so my server tells me. clamav is my friend.
Trend Micro notified me of virus and did scan and sys update last week. Trend Micro has a free version at their website.
It seems more user friendly to me than Norton.
Would you believe that one nut actually tried to get several "popular" worms to run under WINE? IIRC, 4 of 5 failed to do anything. The 5th got half credit for causing WINE to freeze.
The thing I hate most about these viruses is... no cross-platform compatibility! They only attack Windows!
I'll be darned if I'm going to fork over a couple hundred bucks to microsoft just so I can enjoy the experience of viruses and worms.
Somebody needs to write a Linux patch so that my operating system is no longer virus-deficient!
150? I only received 70. I feel so deprived.
It is, IMHO, but Trend had a little hoo-hah last week when they released a signature file that locked their clients' machines solid. They corrected it right away, but it sort of hurt my sales program here at work to switch from Symantec.
... and here I thought Sober p. kept you out of trouble.
I received one of these at my work email.
I'm very surprised it made it through.
Most of these things are caught real early and deleted before they ever reach my inbox.
Anyone who still gets infected by opening attachments is just plain stupid.
I've received approximately 30 spam emails with sober virus in attached files over the past two days. Most of them had a fake message saying that Postmaster of some website was returning my mail--but I hadn't sent any mail to those addresses, and the addresses were suspicious.
Depressing. I was just thinking it had been quite a while since the last time I started getting a lot of virus attacks.
Norton AV works fine at blocking and deleting this virus, and I presume the other AV programs will as well, provided they are kept up to date. You all may want to check with your providers.
Keep eggin' them on... they'll get to all ya Linux folk soon enough ;~D
I left my computer on and left for a while, and when I came back in the Norton screen was up telling me it had blocked this virus. Good to know it works.
I'm not a big fan of Trend Micro's stuff. Tried Grisoft's software?
Has anyone had this type of email come in?
I'm getting more of these today than porn spam.
That's a lot!!!
For some odd reason, I got about 6-700 of those this morning between the hours of 4 and 5 am. I just set them to autodelete and redirected a copy to Grisoft and SARC.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.