Sober worm spreads like wildfire

Jzero

<Insert standard Jzero comments touting the benefits of rule-based filtering software here.>
 

hevnsnt

"The latest Sober offshoot, which has been tagged as Sober.N, Sober.O or Sober.S at other security companies, uses e-mail written in both English and German. One of its lures is a message saying the recipient has won free tickets to the 2006 World Cup soccer tournament."

In other words... the US is safe.
 

NFS4

Originally posted by: Jzero
<Insert standard Jzero comments touting the benefits of rule-based filtering software here.>

Actually, I'm using Thunderbird. Thunderbird caught every message and threw it into the junk email bin. However, Norton scanned every message before TB got ahold of it and threw the attachments into Quarantine.
 

dmcowen674

There are two of them.

The other one that came from an old work address from where I worked in Georgia had a different header.

The file was a txt file so I thought they were trying to get in touch with me.

Turns out the file really has hidden characters and it is not a txt file.

I shut down right away and went in Safe Mode and saw what the payload did and removed it right away.

Cute
 

chrisms

I dunno man, wildfire can spread pretty quick. That's why they call it "wild" fire. It isn't tame, baby.
 

ViRGE

Why, just why?! Haven't people figured out by now to stop opening random attachments?
 

dmcowen674

Originally posted by: ViRGE
Why, just why?! Haven't people figured out by now to stop opening random attachments?

If it comes from a legitimate E-mail address (thanks to successful harvesting of E-mail addys) and scanning the file first, it's easy.

I did in fact scan the file first but the Anti-Virus failed to pick up anything while the file was in bogus attachment form.

Later I ran the scan after removing the bogus suffix and the Anti-Virus was able to detect the payload. Very clever these guys indeed.


 

Toasthead

Originally posted by: hevnsnt
"The latest Sober offshoot, which has been tagged as Sober.N, Sober.O or Sober.S at other security companies, uses e-mail written in both English and German. One of its lures is a message saying the recipient has won free tickets to the 2006 World Cup soccer tournament."

In other words... the US is safe.

hahahahaha
 

vi edit

My hotmail account has got hammered by about 400 of them.

All with 73KB .zip attachments.

:)
 

NFS4

Originally posted by: Toasthead
Originally posted by: hevnsnt
"The latest Sober offshoot, which has been tagged as Sober.N, Sober.O or Sober.S at other security companies, uses e-mail written in both English and German. One of its lures is a message saying the recipient has won free tickets to the 2006 World Cup soccer tournament."

In other words... the US is safe.

hahahahaha

LOL, I just got the joke :D
 

cavemanmoron

Originally posted by: Scouzer
Your subtitle made my eyes bleed.

Topic Title: Sober worm spreads like wildfire
Topic Summary: I alone has 668 hits today alone on my Anandtech account
Created On: 05/03/2005 05:14 PM
 

cjgallen

Variants of Sober have been circulated since 2003 and have continued to hit corporate and home systems.
That's a long time!

Someone should mass email virus killing executables.
 

FoBoT

I got one Monday. I read about it on the Symantec website. I sent out new virus defs to check for it. Haven't heard of any issues yet.