Author |
Topic: WARNING---W32/Sober.p@MM (Read 184 times) |
|
The mad viking
CH.com Alumnus
New Board Hall of Famer
Always Look on The Bright Side of Life
 
 
Gender: 
Posts: 3135
|
 |
WARNING---W32/Sober.p@MM
« on: May 4th, 2005, 7:57pm » |
 Quote  Modify
|
What is it?
Another variant of the Sober virus, W32/Sober.p@MM is a Medium Risk mass-mailing worm hiding inside an email attachment. When run, the worm displays a fake error message, infects the host computer and sends itself to the email addresses that are harvested from the infected machine. Like many Sober variants, this variant uses several different email messages randomly, in either English or German depending on the version of Windows.
What should I look for?
FROM: Varies (forged addresses taken from infected system)
SUBJECT: Examples: English: Your Password
German: WM-Ticket-Auslosung
BODY: Examples:
English: Account and Password Information are attached!
German: Herzlichen Glueckwunsch,
beim Run auf die begehrten Tickets für die 64 Spiele der Weltmeisterschaft 2006 in Deutschland sind Sie dabei.
ATTACHMENT: account_info.zip, autoemail-text.zip, LOL.zip, Fifa_Info-Text.zip, mail_info.zip, okTicket-info.zip, our_secret.zip, _PassWort-Info.zip
How do I know if I've been infected?
When the ZIP archive is extracted and the contained PIF file is manually executed, the virus may display a fake error message which reads "Error: CRC not complete".
How do I find out more?
View details about W32/Sober.p@MM here. http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=13 3409&cid=14461
You know what to do folks
Svenn
|
| « Last Edit: May 4th, 2005, 7:58pm by The mad viking » |
 IP Logged |
Always Look on The Bright Side of Life
|
|
|
Jonny
CH.com Alumnus
New Board Hall of Famer
Give me a shovel Ill dig my own grave!
Gender:
Posts: 26213
|
|
Re: WARNING---W32/Sober.p@MM
« Reply #1 on: May 4th, 2005, 8:12pm » |
Quote Modify
|
If you dont know who sent it....dont open it 
Night Night 
|
|
IP Logged |
It is up to YOU to educate yourself and then help your doctor plan your treatment. If you just sit down in front of your doctor and say "make me better" you are setting yourself up for a great deal of pain.
- Guiseppi
|
|
|
Charlie
CH.com Alumnus
New Board Hall of Famer
Happy to be here
   
Gender:
Posts: 14968
|
|
Re: WARNING---W32/Sober.p@MM
« Reply #2 on: May 4th, 2005, 8:18pm » |
Quote Modify
|
Thanks Svenn.
Yikes. They're really out in force today. Getting lots of warnings but I even check them first.
Charlie
|
|
IP Logged |
There is nothing more satisfying than being shot at without result---Winston Churchill
|
|
|
Gator
CH.com Alumnus
New Board Hall of Famer
Gender:
Posts: 4556
|
|
Re: WARNING---W32/Sober.p@MM
« Reply #3 on: May 4th, 2005, 9:43pm » |
Quote Modify
|
on May 4th, 2005, 8:12pm, Jonny wrote:If you dont know who sent it....dont open it
Night Night |
|
Even if you do know the person who sent it, be careful. That person's infected computer may be sending you a virus without his/her knowledge.
|
|
IP Logged |
|
|
|
Opus
New Board Hall of Famer
(Insert witty comment here)
Gender:
Posts: 2509
|
|
Re: WARNING---W32/Sober.p@MM
« Reply #4 on: May 5th, 2005, 12:13am » |
Quote Modify
|
on May 4th, 2005, 7:57pm, Svenn wrote: W32/Sober.p@MM is a Medium Risk mass-mailing worm hiding inside an email attachment.
|
|
What a contradiction in terms, by definition , a Worm is Malware that doesn't need to be clicked on to infect and spread. There really are no mass mailing worms since they would have to infect without even being read.
These Viruses must know I use Linux, I never seem to get them anymore, but my wife still does.
Opus/Paul 
|
|
IP Logged |
Zed-Zed-nine plural-Zed alpha,
There is no place like home.
|
|
|
ExplodingEyeBall
New Board Hall of Famer
I can't think of anything clever to put here.
Gender:
Posts: 2589
|
|
Re: WARNING---W32/Sober.p@MM
« Reply #5 on: May 5th, 2005, 9:51am » |
Quote Modify
|
on May 4th, 2005, 8:12pm, Jonny wrote:If you dont know who sent it....dont open it
Night Night |
|
If you weren't expecting it and it came from someone you know, call them and ask about it before you open it.
If you don't know the sender, delete it.
|
|
IP Logged |
Just poke out my eye and get it over with!!!
|
|
|
nani
CH.com Alumnus
New Board Hall of Famer
Got kudzu?
Gender: 
Posts: 7953
|
|
Re: WARNING---W32/Sober.p@MM
« Reply #6 on: May 5th, 2005, 9:53am » |
Quote Modify
|
I've probably gotten another 50 of them since yesterday. The attachment size is 73KB and they come from all kinds of "official" looking addresses.
|
|
IP Logged |
Others may come and go, but MY power is MINE.
|
|
|
sandie99
New Board Hall of Famer
Wish it, dream it, do it - inspite the pain!
Gender:
Posts: 10429
|
|
Re: WARNING---W32/Sober.p@MM
« Reply #7 on: May 5th, 2005, 9:58am » |
Quote Modify
|
Thanks for the warning! 
|
|
IP Logged |
CH happends, Live anyway! PF days to us all!
"Do what you can and let God take care of the rest. Leave your heart wide open and always wish for the best" (Sanna Hillu)
"No matter how far out your dreams are, it's possible" (Marketa Irglova)
|
|
|
Kirk
CH.com Alumnus
New Board Hall of Famer
VINIMUS, VIDIMUS, DOLAVIMUS
 
Gender:
Posts: 1914
|
|
Re: WARNING---W32/Sober.p@MM
« Reply #8 on: May 5th, 2005, 12:41pm » |
Quote Modify
|
|
|
IP Logged |
|
|
|
|
|
|
Home
Help
Search
Members
Member Map
Login
Register
Reply
Notify of replies
Send Topic
Print
test rss