
Worm.Win32.Sober.L Alert!


#1 Scarlett



Posted 09 March 2005 - 09:18 AM

--- Worm.Win32.Sober.L Alert! ---

A new variant of the Sober worm is spreading fast. Like its predecessors, Sober.L
spreads as an email attachment in emails which are sent to all email addresses
found on the victim's hard disk. Even if the executable file is packed in a .ZIP
file, many users open the file and activate the worm this way. For novice users
it's hard to see that it is a worm-generated email because the email subject is
"your password + accountnumber !". The email body text is the following:


i've got an admin mail with a Password and Account info!
but the mail recipient are you! it's probably an esmtp error, i think.
i've copied the full mail text in the Windows text-editor & zipped.
ok, cya...

The recipient is advised to open the attached file "Acc_text.zip". The worm also
spreads in a German version, which is used on all German email addresses. The
German subject is "ich habe ihre e-mail bekommen !". The email body text is:

jemand schickt ihre privaten Mails auf meinem Account.
Ich schaetze mal, das es ein Fehler vom Provider ist.

Insgesamt waren es jetzt schon 6 Mails!
Ich habe alle Mail-Texte im Texteditor kopiert und gezippt.

Wenn es doch kein Fehler vom Provider ist, sorge dafuer das diese Dinger nicht
mehr auf meinem Account landen, es Nervt naemlich.


More details about Sober.L can be found at the a-squared malware database:


a-squared Free users are advised to run the online update, to be able to remove
the worm if the computer becomes infected.
a-squared Personal users are protected, even if they don't have the latest
online updates installed. The new IDS technology of the background guard
immediately detects and blocks the worm with the behavior analysis if it manages
to run.

Your a-squared Team
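
A mail-filter check built from the indicators quoted in the alert above, as an added example that is not part of the original post or a-squared's own code: it flags the two quoted subjects, the attachment name "Acc_text.zip", and any ZIP attachment that holds an executable. The extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators quoted in the alert (compared case-insensitively).
SOBER_L_SUBJECTS = {"your password + accountnumber !", "ich habe ihre e-mail bekommen !"}
SOBER_L_ATTACHMENT = "acc_text.zip"
# Assumption: the alert only says "executable file"; this extension list is illustrative.
EXECUTABLE_EXTS = (".exe", ".pif", ".scr", ".com", ".bat", ".cmd")

def zip_has_executable(data: bytes) -> bool:
    """True if the ZIP archive lists a member with an executable extension."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith(EXECUTABLE_EXTS) for n in zf.namelist())
    except zipfile.BadZipFile:
        return False  # not a readable ZIP; nothing to report here

def sober_l_indicators(raw: bytes) -> list[str]:
    """Return the names of the alert's indicators found in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    subject = " ".join(str(msg["Subject"] or "").split()).lower()
    if subject in SOBER_L_SUBJECTS:
        hits.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name == SOBER_L_ATTACHMENT:
            hits.append("attachment-name")
        if name.endswith(".zip") and zip_has_executable(part.get_payload(decode=True) or b""):
            hits.append("zip-contains-executable")
    return hits

def build_sample(subject: str, filename: str, member: str) -> bytes:
    """Constructed test message; the ZIP member contains only harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "harmless placeholder")
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, "a@example.com", "b@example.com"
    msg.set_content("ok, cya...")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    sample = build_sample("your password + accountnumber !", "Acc_text.zip", "doc.txt.pif")
    print(sober_l_indicators(sample))
```
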
