Common Tasks

Recent Posts

Community

Email Notifications

Personal Links

Archives

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Sober.N - New Variant to Watch

  Most Sober variants can spread quickly, as the social engineering plus technical characteristics are advanced for this family of viruses

http://secunia.com/virus_information/17277/sober.n/
http://secunia.com/virus_information/16824/win32.sober.m/

W32.Sober.N@mm is a mass-mailing worm that uses its own SMTP engine to spread. It sends itself as an email attachment to addresses gathered from the compromised computer. The email may be in either English or German.

Subject of email: FwD: Ich bin's nochmal or I've_got your EMail on my_account!
Name of attachment: Private-Texte.zip or your_text.zip
Size of attachment: 73,541 bytes
Ports: TCP port 21
Compromises security settings: Attempts to terminate security-related processes.


Quote:
EMAIL Format -- German version

From: <Spoofed>

Subject: FwD: Ich bin's nochmal

Message: Verdammt,,,,ich hatte vergessen Dir meinen Text mitzuschicken.Aber bitte nicht woanders darueber Reden, ich wuerde mich dann zu Tode blamieren! Ich melde mich. Bis bald Wink

Attachment: Private-Texte.zip
Quote:
EMAIL Format -- English version

From: <Spoofed>

Subject: I've_got your EMail on my_account!

Message: Hello, First, Very Sorry for my bad English. Someone is sending your private e-mails on my address. It's probably an e-mail provider error! At time, I've got over 10 mails on my account, but the recipient are you. I have copied all the mail text in the windows text-editor for you & zipped then. Make sure, that this mails don't come in my mail-box again. bye

Attachment: your_text.zip
Posted: Apr 19 2005, 09:03 AM by Harry Waldron | with no comments