Sober O

Discussion in 'NOD32 version 2 Forum' started by jlo, May 2, 2005.

Thread Status:
Not open for further replies.
  1. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I have already received 3 of them this morning:

    Time Module Object Name Virus Action User Information
    3/05/2005 7:55:36 AM EMON email message from: hostmaster @ ozemail.com.au to: E-Post @ bigpond.net.au with subject mailing error dated 05/03/2005 2:47 Attachment: mail_info.zip Win32/Sober.O worm quarantined - unable to clean - deleted BLACKSPEAR\XXXX

    Cheers :D
     
  3. Markus

    Markus Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    14
    Location:
    Germany
    Yes, that's right. NOD32 v2.50.9 Beta detects it (heuristically) as "probably a variant of Win32/Sober worm".
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,038
    Location:
    Texas
    It's in todays definitions as well.


    NOD32 - v.1.1086 (20050502)
    Virus signature database updates:
    IRC/Delf.A, IRC/Zapchast.B, JS/KakWorm.A, Win32/Agent.WIW, Win32/Banish.A, Win32/Bropia.V, Win32/Delf.YG, Win32/HideWindow, Win32/Kelvir.AU, Win32/Kelvir.AV, Win32/Kelvir.AW, Win32/Kelvir.AX, Win32/Kelvir.AY, Win32/Mydoom.BD, Win32/Mytob.BU, Win32/QDial.30.A, Win32/Rbot.DST, Win32/Rbot.DSU, Win32/Sharan, Win32/Sharan.C, Win32/Sober.O, Win32/TrojanDownloader.Agent, Win32/TrojanDownloader.Agent.LW, Win32/TrojanDownloader.Small.ALV, Win32/TrojanDownloader.WarSpy, Win32/TrojanDropper.Agent.NAI, Win32/Tumbi, Win32/Tumbi.AL, Win32/VB.CS, Win32/VB.CW, Win32/VB.CY, Win32/VB.PT
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I'm up to 10 now, coming in thick and fast, giving Nod a workout ;) :D

    Cheers :D
     
  6. DonKid

    DonKid Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    566
    Location:
    S?o Paulo, Brazil
    I wonder how many e-mails you receive all day.
    Maybe thousands of it. :D

    Best regards,

    DonKid.
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Nah, if I received thousands, I'd be changing email addresses ;) :D

    Up to 17 now :D
     
  8. Happy Bytes

    Happy Bytes Guest

    This worm has a very good chance to become even more spreaded - at least in german speaking countries. He claims to bring "Free Football WM tickets" - and this exactly in the time were they REALLY giving away free Football tickets for this WM! Social engineering of it's best. :rolleyes:

    I would NOT BE SUPRISED if some football fanatics would even disable the antivirus when it says "Sober.O" just to get this "tickets"....
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.