Saturday, November 20, 2004

Sober.J Worm Strikes

What is it?

W32/Sober.j@MM is a Medium Risk mass-mailing worm that arrives as an email attachment. When run, the worm displays a series of fake error messages (e.g., WinZip_Data_Module is missing ~Error: {2A0DCCF6}), infects the host computer and emails itself to stolen email addresses using the infected computer's Internet connection.

Up-to-date McAfee VirusScan users with DAT 4409 are protected from this threat.
Note: To fortify your anti-virus defense against threats like W32/Sober.j@MM that need Internet access to spread, we recommend installing McAfee Personal Firewall Plus.

What should I look for?

FROM: Varies (forged addresses taken from infected system)

SUBJECT: Example: FwD: illegal signs in your email

BODY: Example: More info about--GZIP--under: http://www.gzip.org

ATTACHMENT: Examples: mail.4052.scr, verisign.2095.pif, re_mail8831.bat

How do I know if I've been infected?

Fake error messages displayed. Increased network traffic on TCP port 37. Alerts from a desktop firewall (if installed) that a new application is trying to access the Internet.
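The mail and network signs listed above can be checked mechanically. The following Python sketch is an added example, not part of the original advisory or any McAfee tooling: it flags attachments whose names end in the extensions shown in the examples above, and counts outbound TCP port 37 connections per host. The firewall log format, the threshold of 3, the addresses and the sample message are constructed assumptions.

```python
import email
from collections import Counter
from email import policy

# Extensions from the advisory's attachment examples; not a complete list.
RISKY_EXTENSIONS = (".scr", ".pif", ".bat")
TIME_PORT = 37  # TCP port named in the advisory

# Constructed sample message using the advisory's example subject and body.
SAMPLE_MESSAGE = b"""\
From: someone@example.com
Subject: FwD: illegal signs in your email
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

More info about--GZIP--under: http://www.gzip.org
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="mail.4052.scr"

placeholder text, not real attachment content
--b1--
"""

# Constructed firewall lines in an assumed format:
# 'ALLOW TCP <src_ip> -> <dst_ip>:<dst_port>'
SAMPLE_LOG = [
    "ALLOW TCP 192.0.2.10 -> 198.51.100.5:37",
    "ALLOW TCP 192.0.2.10 -> 198.51.100.6:37",
    "ALLOW TCP 192.0.2.10 -> 198.51.100.7:37",
    "ALLOW TCP 192.0.2.11 -> 198.51.100.5:80",
    "ALLOW TCP 192.0.2.11 -> 198.51.100.5:37",
]

def risky_attachments(raw_message):
    """Return attachment filenames that end in one of RISKY_EXTENSIONS."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    names = (part.get_filename() for part in msg.walk())
    return [n for n in names if n and n.lower().endswith(RISKY_EXTENSIONS)]

def port37_talkers(log_lines, threshold=3):
    """Return {src_ip: count} for hosts with >= threshold outbound TCP/37 hits."""
    counts = Counter()
    for line in log_lines:
        fields = line.split()
        if len(fields) == 5 and fields[1] == "TCP" and fields[4].endswith(f":{TIME_PORT}"):
            counts[fields[2]] += 1
    return {src: n for src, n in counts.items() if n >= threshold}
```

A single connection to port 37 is ordinary time-protocol traffic, so the threshold should be tuned to what is normal on the network being monitored.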