McAfee Highlights Threat Of New Sober Worm Variant
|
|
|
|
|
McAfee has raised the risk assessment to Medium on the recently discovered W32/Sober.r@MM!M-151, also known as Sober.r. Sober.r is a prolific worm that spreads via e-mail, sending itself to addresses found on the victim's machine.
The worm arrives as a ZIP file attached to e-mail and has many of the same functionalities as its Sober predecessors. The worm was first reported to McAfee researchers a couple of days ago and to date it has has received more than 50 reports of the virus in the wild from unique senders.
Sober.r is a mass mailing threat that contains its own SMTP engine to construct outgoing messages, which are written in German or English, depending of the version of Windows. It harvests addresses from local files and then uses the harvested addresses to send itself.
This produces a message with a spoofed From address. The attachment comes in the form of a .zip file that contains an executable file inside, named 'PW_Klass.Pic.packed-bitmap.exe'. Users would need to manually extract the executable from the .zip file and manually run the attachment in order to be infected.
More information on Sober.r and the cure for this worm can be found online at the McAfee AVERT site located at http://vil.nai.com/vil/content/v_136390.htm. McAfee is advising its customers to update to the 4598 DATs to stay protected from this variant of the threat.
BIOS, Oct 07, 05 | Print | Send | Comments (0) | Posted In Security
Related Articles
Defending In Depth
Cyber Security & Other Games
Second Life, Second Identity?
Don't Choke In The Name Of Security
A Baker's Dozen Of Security Bytes
Patching Up Security
Webroot Software Spy Sweeper 5.3
PC Tools Spyware Doctor 4.0
How Cybercrime Operations Work
ZoneLabs ZoneAlarm Internet Security Suite 7
More...
|