Symantec: W32.Sober.J@mm

Discussion in 'malware problems & news' started by Randy_Bell, Jan 31, 2005.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    This worm caused a LiveUpdate for Norton today, and also McAfee Weekly DATs were released early to cover it, and TrendMicro issued a new Pattern File to cover it:

    W32.Sober.J@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses it gathers from the compromised computer. The subject of the email varies and is in either English or German. The email sender address is spoofed. The name of the email attachment varies, and it has a .bat, .com, .pif, .scr, or .zip file extension. The attachment may also have a double extension. This threat is written in the Microsoft Visual Basic programming language and is compressed with UPX.

    Type: Worm
    Infection Length: 43,247 bytes
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

    http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.j@mm.html
     
    Last edited: Feb 3, 2005
  2. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Last edited: Feb 1, 2005
Thread Status:
Not open for further replies.