handplane Posted March 9, 2005

Got the following e-mail today:

-- Worm.Win32.Sober.L Alert! ---

A new variant of the Sober worm is spreading fast. Like its predecessors, Sober.L spreads as an email attachment in emails which are sent to all email addresses found on the victim's hard disk. Even if the executable file is packed in a .ZIP file, many users open the file and activate the worm this way. For novice users it's hard to see that it is a worm-generated email because the email subject is "your password + accountnumber !". The email body text is the following:

hi,
i've got an admin mail with a Password and Account info!
but the mail recipient are you! it's probably an esmtp error, i think.
i've copied the full mail text in the Windows text-editor & zipped.
ok, cya...

The recipient is advised to open the attached file "Acc_text.zip". The worm also spreads in a German version, which is used on all German email addresses. The German subject is "ich habe ihre e-mail bekommen !". The email body text is:

Hallo,
jemand schickt ihre privaten Mails auf meinem Account.
Ich schaetze mal, das es ein Fehler vom Provider ist.
Insgesamt waren es jetzt schon 6 Mails!
Ich habe alle Mail-Texte im Texteditor kopiert und gezippt.
Wenn es doch kein Fehler vom Provider ist, sorge dafuer das diese Dinger nicht mehr auf meinem Account landen, es Nervt naemlich.
Gruss

More details about Sober.L can be found at the a-squared malware database:
http://www.emsisoft.com/en/malware/?Worm.Win32.Sober.L

Protection:
a-squared Free users are advised to run the online update, to be able to remove the worm if the computer becomes infected.
a-squared Personal users are protected, even if they don't have the latest online updates installed. The new IDS technology of the background guard immediately detects and blocks the worm with the behavior analysis if it manages to run.

Your a-squared Team
http://www.emsisoft.com
-----------------------------------
© 2005 Emsi Software GmbH
Faerberstr. 8 - 5110 Oberndorf - Austria
Website: http://www.emsisoft.com
Email can be viewed here: http://www.emsisoft.com/en/support/contact
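
A mail-filter style check for the indicators listed in the alert above, as an added example that is not part of the original post and is not Emsisoft's code. The two subjects and the attachment name come from the alert; the list of executable extensions, the function names and the sample message builder are assumptions made for illustration.

```python
import email, io, zipfile
from email import policy
from email.message import EmailMessage

# Indicators taken from the alert text (compared case-insensitively).
SOBER_L_SUBJECTS = {"your password + accountnumber !", "ich habe ihre e-mail bekommen !"}
SOBER_L_ATTACHMENT = "acc_text.zip"
# Assumption: extensions treated as directly runnable on Windows.
EXECUTABLE_EXTS = (".exe", ".pif", ".scr", ".com", ".bat", ".cmd")

def zip_executables(data):
    """Return executable-looking member names; an unreadable archive yields []."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().rstrip(". ").endswith(EXECUTABLE_EXTS)]
    except zipfile.BadZipFile:
        return []

def check_message(raw_bytes):
    """Return the list of reasons a raw RFC 5322 message looks like a Sober.L mail."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    subject = " ".join(str(msg["Subject"] or "").split()).lower()
    if subject in SOBER_L_SUBJECTS:
        reasons.append("subject matches Sober.L alert")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name == SOBER_L_ATTACHMENT:
            reasons.append("attachment named Acc_text.zip")
        if name.endswith(".zip"):
            payload = part.get_payload(decode=True) or b""
            for member in zip_executables(payload):
                reasons.append(f"executable inside {name}: {member}")
    return reasons

def build_sample(subject, attach_name, member_name):
    """Constructed test message; the archive member holds placeholder text only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder, not a real program")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg.set_content("constructed sample body")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=attach_name)
    return msg.as_bytes()
```

The archive check fires on any zipped executable, so it also flags messages that reuse the packing trick under a different subject or file name.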

sultan_emerr Posted March 9, 2005

Hey handplane, Thanks for the warning

rv56 Posted March 10, 2005

Yes....thanks for the warning handplane.....