Monday, January 31, 2005

Sober.K Virus Strikes Unprotected Users

The 11th variant of the Sober virus, W32/Sober.k@MM, is a Medium Risk mass-mailing worm hiding inside an email attachment. When run, the worm displays a fake error message in Notepad, infects the host computer and sends itself to stolen email addresses. Outgoing messages may be in German or English, depending on the recipient's domain.

Note: To fortify your anti-virus defense against threats like W32/Sober.k@MM that need Internet access to spread, we recommend installing McAfee Personal Firewall Plus.

What should I look for?
FROM: Varies (forged addresses taken from infected system)
SUBJECT: English: I've got YOUR email on my account!! German: Ey du DOOF Nase, warum beantw...
BODY: English: First, Sorry for my very bad English! German: Warum beantwortest Du meine E-Mails nicht?
ATTACHMENT: EMAIL_TEXT.ZIP or TEXT.ZIP
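
The message indicators listed above can be checked mechanically at a mail gateway or over a mailbox export. The following Python is an added example, not McAfee's detection logic; the function names and the sample message are constructed here, and the German subject is matched only by the prefix visible above.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the advisory. The German subject is truncated on the
# page, so only its visible prefix is matched.
SUBJECT_PREFIXES = ("i've got your email on my account!!",
                    "ey du doof nase, warum beantw")
BODY_MARKERS = ("first, sorry for my very bad english!",
                "warum beantwortest du meine e-mails nicht?")
ATTACHMENT_NAMES = {"email_text.zip", "text.zip"}


def sober_k_indicators(raw_message: bytes) -> list:
    """Return the sorted advisory indicators found in one raw email."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = set()
    # str() decodes RFC 2047 encoded-word subjects before comparison.
    subject = str(msg.get("Subject", "")).replace("\u2019", "'").strip().lower()
    if subject.startswith(SUBJECT_PREFIXES):
        hits.add("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if name in ATTACHMENT_NAMES:
            hits.add("attachment")
        elif part.get_content_maintype() == "text" and not name:
            try:
                text = part.get_content().replace("\u2019", "'").lower()
            except (LookupError, UnicodeError):
                continue  # undecodable charset: skip the body check
            if any(marker in text for marker in BODY_MARKERS):
                hits.add("body")
    return sorted(hits)


def build_sample(subject: str, body: str, filename: str) -> bytes:
    """Constructed test message carrying an empty (harmless) ZIP archive."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = subject
    m.set_content(body)
    empty_zip = b"PK\x05\x06" + bytes(18)  # end-of-central-directory only
    m.add_attachment(empty_zip, maintype="application", subtype="zip",
                     filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    sample = build_sample("I've got YOUR email on my account!!",
                          "First, Sorry for my very bad English!\n", "TEXT.ZIP")
    print(sober_k_indicators(sample))
```

A match on the attachment name alone is weak evidence, since TEXT.ZIP is a generic filename; weigh it together with the subject and body matches.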

How do I know if I've been infected?
Fake error message displayed. Outgoing messages as noted above. Increased network traffic on TCP port 37. Alerts from a desktop firewall (if installed) that a new application is trying to access the Internet.