New Sober variant has emerged

by harrywaldron / May 2, 2005 3:51 AM PDT

Any new variant of this advanced virus family is worth watching ... Just preliminary info so far:

http://secunia.com/virus_information/17689/sober.s/

http://vil.nai.com/vil/content/v_133409.htm

[quote]TrendLabs has received several reports regarding this new SOBER variant that is currently spreading in Germany and the United States. TrendLabs is working to provide a more in depth analysis of this malware. Details will be posted shortly.
[/quote]

[quote]This threat is proactively detected with the 4473 DAT files, or newer, as W32/Sober.gen@MM.

AVERT is currently analyzing this threat. More details will be posted shortly.

This threat arrives in an email message with one of the following attachment names:

* autoemail-text.zip
* LOL.zip
* mail_info.zip
* okTicket-info.zip
* Fifa_Info-Text.zip
* account_info.zip

Inside the ZIP archive is a file named winzipped-text_data.txt .pif [/quote]

(NT) Thanks for the heads-up, Harry.
by roddy32 / May 2, 2005 4:18 AM PDT
(NT) Escalated to MEDIUM RISK by Secunia
by harrywaldron / May 2, 2005 7:41 AM PDT
The AV companies are all putting out
by roddy32 / May 2, 2005 7:54 AM PDT

either a special release or a 2nd release on their defs. for this one today.

(NT) Ha ha...Thanks For Visiting Harry..!
by Grif Thomas Forum moderator / May 2, 2005 8:53 AM PDT
(NT) He even joined, Grif :D
by roddy32 / May 2, 2005 9:29 AM PDT
I had 18 today
by dawillie / May 2, 2005 10:36 AM PDT

returned to me from various Canadian servers as well as Yahoo and Hotmail.

Reading through the back door method in OE, I was able to determine that they were either mail_info.zip or account_info.zip.

Naturally I deleted.

