Sober.I Worm - MEDIUM RISK by Secunia
As of November 11, 2004 at 1:31 AM (GMT -8:00 Pacific Standard Time), TrendLabs has declared a MEDIUM risk virus alert in order to control the spread of this new SOBER variant. TrendLabs has received numerous infection reports indicating that this malware is spreading in the France, Germany, and Australia.
The message it sends out has the following details:
Subject: (any of the following)
· Faulty_mail delivery
· illegal signs in your mail
· invalid mail
· mail delivery system
· Mail delivery_failed
· Mail Error
· Registration confirmation
· Your mail password
· Your Password
Message body: (any of the following)
· I was surprised, too!
*-*-* Mail_Scanner: No Virus
*-*-* SKYNET- Anti_Virus Service
· Your password was changed successfully!
· Protected message is attached!
· ++++++ User-Service: http://www.<domain>
++++++ MailTo: postmaster <domain>
*.bat, *.com, *.exe, *.pif, and *.scr
Edited by harrywaldron, 19 November 2004 - 07:18 AM.