Day: 31 January 2005

Be Warned

James
Virus Advisory
  
CURRENT THREAT   W32/Sober.k@MM
Medium Risk

Current VirusScan users with DAT 4424 are protected from this threat.

What Is It?

The 11th variant of the Sober virus, W32/Sober.k@MM is a Medium Risk mass-mailing worm hiding inside an email attachment. When run, the worm displays a fake error message in Notepad, infects the host computer and sends itself to stolen email addresses. Outgoing messages may be in German or English, depending on the recipient’s domain.

What should I look for?

  • FROM: Varies (forged addresses taken from infected system)
  • SUBJECT: English: I’ve got YOUR email on my account!! German: Ey du DOOF Nase, warum beantw…
  • BODY: English: First, Sorry for my very bad English! German: Warum beantwortest Du meine E-Mails nicht?
  • ATTACHMENT: EMAIL_TEXT.ZIP or TEXT.ZIP

    • How do I know if I’ve been infected?

    Fake error message displayed. Outgoing messages as noted above. Increased network traffic on TCP port 37. Alerts from a desktop firewall (if installed) that a new application is trying to access the Internet.

    How do I find out more?

    Visit the McAfee home page.