Sober O

Discussion in 'NOD32 version 2 Forum' started by jlo, May 2, 2005.

Thread Status:
Not open for further replies.
  1. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I have already received 3 of them this morning:

    Time: 3/05/2005 7:55:36 AM
    Module: EMON
    Object: email message
    Name: from: hostmaster @ ozemail.com.au to: E-Post @ bigpond.net.au with subject mailing error dated 05/03/2005 2:47 Attachment: mail_info.zip
    Virus: Win32/Sober.O worm
    Action: quarantined - unable to clean - deleted
    User: BLACKSPEAR\XXXX
    Information:

    Cheers :D
     
  3. Markus

    Markus Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    14
    Location:
    Germany
    Yes, that's right. NOD32 v2.50.9 Beta detects it (heuristically) as "probably a variant of Win32/Sober worm".
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,764
    Location:
    Texas
    It's in today's definitions as well.


    NOD32 - v.1.1086 (20050502)
    Virus signature database updates:
    IRC/Delf.A, IRC/Zapchast.B, JS/KakWorm.A, Win32/Agent.WIW, Win32/Banish.A, Win32/Bropia.V, Win32/Delf.YG, Win32/HideWindow, Win32/Kelvir.AU, Win32/Kelvir.AV, Win32/Kelvir.AW, Win32/Kelvir.AX, Win32/Kelvir.AY, Win32/Mydoom.BD, Win32/Mytob.BU, Win32/QDial.30.A, Win32/Rbot.DST, Win32/Rbot.DSU, Win32/Sharan, Win32/Sharan.C, Win32/Sober.O, Win32/TrojanDownloader.Agent, Win32/TrojanDownloader.Agent.LW, Win32/TrojanDownloader.Small.ALV, Win32/TrojanDownloader.WarSpy, Win32/TrojanDropper.Agent.NAI, Win32/Tumbi, Win32/Tumbi.AL, Win32/VB.CS, Win32/VB.CW, Win32/VB.CY, Win32/VB.PT
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I'm up to 10 now, coming in thick and fast, giving Nod a workout ;) :D

    Cheers :D
     
  6. DonKid

    DonKid Registered Member

    Joined:
    Jun 27, 2004
    Posts:
    566
    Location:
    São Paulo, Brazil
    I wonder how many e-mails you receive all day.
    Maybe thousands of them. :D

    Best regards,

    DonKid.
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Nah, if I received thousands, I'd be changing email addresses ;) :D

    Up to 17 now :D
     
  8. Happy Bytes

    Happy Bytes Guest

    This worm has a very good chance of becoming even more widespread - at least in German-speaking countries. It claims to bring "Free Football WM tickets" - and this exactly at the time when they are REALLY giving away free Football tickets for this WM! Social engineering at its best. :rolleyes:

    I would NOT BE SURPRISED if some football fanatics would even disable the antivirus when it says "Sober.O" just to get these "tickets"....
     