Cleaning > ComputerNovember 23, 2004

New Sober Worm (Virus) on the Loose

We have gotten several of these this morning so watch your mail from this one. Your virus filters may not catch it yet.

From Eweek:

New Sober Worm on the Loose
By Dennis Fisher
November 19, 2004
A new version of the Sober worm appeared on the Internet early Friday morning and already it is having quite a bit of success infecting users in Europe through the use of social engineering.

Sober.J arrives in an e-mail message that appears to be a returned-mail error message, telling the user that an e-mail sent earlier has bounced. The message typically contains a .zip, .bat, .com, .scr or .pif attachment and a body text that is some variation on the following:

This mail was generated automatically.More info about --YAHOO-- under: http://www.yahoo.com-------
Occured_Errors:178.218.194.86_
does_not_like_recipient.# 185:
MAILBOX NOT FOUND# 144:
Giving_up_on_178.218.194.86.# 533:
This_account_has_been_discontinued_
[#413].End-------
The original mail is attached.Auto_Mail.System: [yahoo]

The subject line of the e-mail message varies, but often indicates that the message is a warning about a bounced e-mail, such as:

Delivery_failure_notice
Faulty_mail delivery
Mail_delivery failed

When the recipient opens the attachment, the worm displays a fake error message saying that a portion of the WinZip software is missing. The worm then copies itself to the Windows System folder in two separate locations, using filenames that it constructs dynamically from a small set of common strings, including sys, spool, crypt, host, dir, service, win, run, 32, data, and a few others, according to an analysis by McAfee Inc., based in Santa Clara, Calif. The filename always ends in "exe."

Sober.J then creates several registry keys to ensure it will be run on startup and searches for e-mail addresses on the infected machine. It then begins mailing itself to all of the addresses it finds.

Check out eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.

Feedback

Read feedback for this post below.

By
07/24/2005

There are three ways to secure your computer. One is if you use windows you use the windows update. It has secuity patches and udates. Secondly and equally important is to have your model computer site and get all updates there for your computer and its drivers. So if it is HP, you do that first. Some windows updates have conflicts with Windows Updates. You will need to make sure you do this. Make sure your version of Internet browser is updated also. Most and or equally a yearly virus protector. You will need to update the virus definitions weekly. I do it every couple of days or set it to do it automatically. I almost fell out of my chair when a lady online told me she had Nortons 2002 and it showed no viruses. They make viruses every day. I used Nortons Internet Security. You can buy online cheaper and you can get the pkg that allows you to dowload from there all year in case you have to do a restore or reformat. You need to bookmark these sites to check and have a day to remind you to do these things. Symantec (nortons) will have the instructions to take out viruses you have to manually. They make it easy. So remember there is 4. Windows update, if you use windows, Your computer type site, Virus scan and your browser ,ie, Internet Explorer, or AOL. I do not like AOL , I call it the childrens browswer but you they supply your virus scan for those who cant afford it all. Do not take Attachments. You have features to make rules in your email. Make a yahoo account and let them send to their. They have a virus scan. Never open mail that you do not recognize. Save your server mail for people you know and trust. Make sure they keep their computer clean also. Many don't realize they are sending virus. Symantec had a feature that shows how to make these rules but not accepting files. Outlook has a feature you can add these files extentions and they will not be downloaded period..
All virus products and computer and broswers have these same services. I am not trying to choose your product. :)

By
11/23/2004

I woke up to about 30 of these in my email box this morning. It has worked it's way from Europe to the U.S. I first posted this on 11-19 when I saw the first one in my email.

Related

Post Feedback

Your thoughts are welcomed and appreciated. Enter your feedback here!

Feedback:

Image Upload:

Add an image to your post! Click the "Browse" button above and select an image from your hard drive. Please only select gifs or jpegs. If you have any problems, please contact us.

  

facebook like arrowLike ThriftyFun on Facebook

Browse Topics

Over 80,000 tips, recipes, questions & crafts.

Popular Now

Christmas Weddings for Less
Beauty Budget and Finance
Cleaning Craft Projects
Craft Tips Food Tips
Garage Sales Gardening
Gifts Green Living
Home Improvement Organizing
Parenting Parties
Pest Control Pets
Recipes Repair

Ask a Question

Submit a question to the TF community.

Subscribe to ThriftyFun Newsletters!

Email: