Sober.N - New Variant to Watch



#1 harrywaldron


Posted 19 April 2005 - 08:13 AM

Most Sober variants can spread quickly, as the social engineering plus technical characteristics are advanced for this family of viruses.

http://secunia.com/virus_information/17277/sober.n/
http://secunia.com/virus_information/16824/win32.sober.m/

W32.Sober.N@mm is a mass-mailing worm that uses its own SMTP engine to spread. It sends itself as an email attachment to addresses gathered from the compromised computer. The email may be in either English or German.


Subject of email: FwD: Ich bin's nochmal or I've_got your EMail on my_account!
Name of attachment: Private-Texte.zip or your_text.zip
Size of attachment: 73,541 bytes
Time stamp of attachment: n/a
Ports: TCP port 21
Compromises security settings: Attempts to terminate security-related processes.


Sober.N -- German version

From: <Spoofed>

Subject: FwD: Ich bin's nochmal

Message: Verdammt,,,,ich hatte vergessen Dir meinen Text mitzuschicken.Aber bitte nicht woanders darueber Reden, ich wuerde mich dann zu Tode blamieren! Ich melde mich. Bis bald ;)

Attachment: Private-Texte.zip


Sober.N -- English Version

From: <Spoofed>

Subject: I've_got your EMail on my_account!

Message:  Hello, First, Very Sorry for my bad English. Someone is sending your private e-mails on my address. It's probably an e-mail provider error!  At time, I've got over 10 mails on my account, but the recipient are you. I have copied all the mail text in the windows text-editor for you & zipped then. Make sure, that this mails don't come in my mail-box again. bye

Attachment: your_text.zip




#2 harrywaldron


Posted 19 April 2005 - 11:20 AM

I just got a "live" sample in my email, so this one is out there.

From: xxxxxxxx.de  Add to Address Book
To: User@msdirectservices.com
Date: Tue, 19 Apr 2005 03:51:57 UTC
Subject:  I've_got your EMail on my_account!

Hello,
First, Very Sorry for my bad English.

Someone is sending your private e-mails on my address.
It's probably an e-mail provider error!
At time, I've got over 10 mails on my account, but the recipient are
you.

I have copied all the mail text in the windows text-editor for you &
zipped then.
Make sure, that this mails don't come in my mail-box again.

bye


File name: your_text.zip
File size: 72kb
File type: application/octet-stream
Scan result: Virus "W32.Sober.N@mm" found


The file attached to this message was infected with a virus that we were unable to clean. You can not download this attachment.
Note: Not all viruses can be cleaned. Please contact the message sender and request that they send you a virus-free version of this attachment.
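An added example, not part of the original posts: a mail-triage check that matches a raw message against the subject lines, attachment names and attachment size listed in the first post. The function names, the `example.invalid` addresses and the filler payload are assumptions made for illustration; these strings are specific to this variant, so a match is a triage signal alongside AV scanning, not a replacement for it.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from the first post (compared case-insensitively).
SUBJECTS = {"fwd: ich bin's nochmal", "i've_got your email on my_account!"}
ATTACHMENTS = {"private-texte.zip", "your_text.zip"}
ATTACHMENT_SIZE = 73541  # bytes, as reported in the post


def sober_n_indicators(raw):
    """Return the names of the Sober.N indicators that a raw message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    # Collapse whitespace so folded or padded Subject headers still compare equal.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in SUBJECTS:
        hits.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name in ATTACHMENTS:
            hits.append("attachment-name")
            # Size is checked on the decoded attachment, not the base64 text.
            payload = part.get_payload(decode=True) or b""
            if len(payload) == ATTACHMENT_SIZE:
                hits.append("attachment-size")
    return hits


def build_sample(subject, filename, size):
    """Constructed test message; the attachment is filler bytes, not malware."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = subject
    m.set_content("constructed body")
    m.add_attachment(b"\x00" * size, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    sample = build_sample("I've_got your EMail on my_account!",
                          "your_text.zip", ATTACHMENT_SIZE)
    print(sober_n_indicators(sample))
```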



