O
ovi
Guest
The 11th variant of the Sober virus, W32/Sober.k@MM is a Medium Risk mass-mailing worm hiding inside an email attachment. When run, the worm displays a fake error message in Notepad, infects the host computer and sends itself to stolen email addresses. Outgoing messages may be in German or English, depending on the recipient's domain.
What should I look for?
FROM: Varies (forged addresses taken from infected system)
SUBJECT:
English: I've got YOUR email on my account!!
German: Ey du DOOF Nase, warum beantw...
BODY:
English: First, Sorry for my very bad English!
German: Warum beantwortest Du meine E-Mails nicht?
ATTACHMENT: EMAIL_TEXT.ZIP or TEXT.ZIP
How do I know if I've been infected?
Fake error message displayed. Outgoing messages as noted above. Increased network traffic on TCP port 37. Alerts from a desktop firewall (if installed) that a new application is trying to access the Internet.
What should I look for?
FROM: Varies (forged addresses taken from infected system)
SUBJECT:
English: I've got YOUR email on my account!!
German: Ey du DOOF Nase, warum beantw...
BODY:
English: First, Sorry for my very bad English!
German: Warum beantwortest Du meine E-Mails nicht?
ATTACHMENT: EMAIL_TEXT.ZIP or TEXT.ZIP
How do I know if I've been infected?
Fake error message displayed. Outgoing messages as noted above. Increased network traffic on TCP port 37. Alerts from a desktop firewall (if installed) that a new application is trying to access the Internet.
