Win32/Sober.A

Discussion in 'malware problems & news' started by rerun2, Oct 30, 2003.

Thread Status:
Not open for further replies.
  1. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    "Sophos, a world leader in anti-virus and anti-spam protection for businesses, is advising that reports from England and Germany of the Windows worm W32/Sober-A have been steadily increasing since its discovery on Monday.

    The worm has duped some computer users with its ability to check the domain of the recipient's email address and change the text language accordingly. If it is '.de' (Germany), '.li' (Liechtenstein), '.at' (Austria) or '.ch' (Switzerland), the subject line and message text are displayed in German. All other recipient addresses receive an English subject and body text. If an infected email attachment is opened, the Sober worm starts to spread by collecting email addresses found on the infected user's computer and sending itself to each of them.

    The displayed text uses sophisticated techniques to convince the user to double-click on the attachment, such as pretending to be an operating system patch to safeguard the recipient's computer or anti-virus protection to protect the user against viruses."

    http://www.sophos.com/virusinfo/articles/sobera.html

    http://www.sophos.com/virusinfo/analyses/w32sobera.html

    AVG, AVP (KAV), eTrust, F-Prot, Symantec, McAfee and NOD32 have it in their detection. DrWeb has it in its detection as Win32.HLLM.Odin.
     
  2. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Good info rerun2. :cool:

    Looks like Crockett ran into this yesterday. Her defenses effectively neutralized the event.

    http://www.wilderssecurity.com/showthread.php?t=14940;start=15#bot

    Opera M2 & her AV performed appropriately...

    Seems Opera M2 works fine, and performs very wisely when receiving infected mail as I did today.

    Disposing of a complete backup of my system, I calmly clicked on the link and Opera proposed to save the attachment to disk, which I accepted. I then checked the file with my AV, which simply did what it was supposed to.

    Rgds,
    Almost-got-infected-Crockett


    Wonder what would have happened had someone been using MS Outlook? Maybe same result, but good to know Opera M2 does not allow automatic execution of attachments without manual initiation.
     