Sober Virus (CME-151)

Published: 2005-10-06
Last Updated: 2005-10-06 12:03:08 UTC
by Koon Yaw Tan (Version: 1)
There are reports of a new variant of Sober circulating on the net. Antivirus vendors name it differently, but thanks to the CME effort, it is identified as CME-151.

This variant randomly uses different email messages in either German or English. We have received several reports from our readers. One reader submitted the following email message:

Danke für Ihre Mail ....
Sie haben aber Ihre Mail wahrscheinlich falsch adressiert,,, nämlich an mich. Ich kenne sie aber nicht!
Oder Ihr Provider hat die Mail falsch weiter geleitet!?
Um mich zu entlasten, schicke ich Ihnen das (...) Foto wieder zurück.

This virus arrives with one of the following attachment names:
* KlassenFoto.zip
* pword_change.zip

Inside the ZIP archive is a file named PW_Klass.Pic.packed-bitmap.exe.
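
A mail-gateway style check for the indicators listed above, as an added example that is not part of the original diary. It flags the two reported attachment names and the reported inner file name and, as a generalization that is an assumption beyond the diary, any Windows executable inside a ZIP attachment; the function names and the constructed sample message are hypothetical.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Names reported in this diary entry (compared case-insensitively).
ATTACHMENT_NAMES = {"klassenfoto.zip", "pword_change.zip"}
INNER_NAME = "pw_klass.pic.packed-bitmap.exe"
# Generic fallback (an assumption, not from the diary): executables inside a ZIP.
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def scan_message(raw: bytes) -> list[str]:
    """Return findings for the ZIP attachments of one RFC 822 message."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if not fname.endswith(".zip"):
            continue
        if fname in ATTACHMENT_NAMES:
            findings.append(f"attachment name match: {fname}")
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                members = zf.namelist()  # member names are readable even if encrypted
        except zipfile.BadZipFile:
            findings.append(f"unreadable zip: {fname}")
            continue
        for member in members:
            base = member.rsplit("/", 1)[-1].lower()
            if base == INNER_NAME:
                findings.append(f"inner file match: {member}")
            elif base.endswith(EXEC_EXTS):
                findings.append(f"executable in zip: {member}")
    return findings

def build_sample(attachment: str, member: str) -> bytes:
    """Constructed test message: a ZIP holding a harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not malware")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=attachment)
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample("KlassenFoto.zip", "PW_Klass.Pic.packed-bitmap.exe")))
```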

More details are available on the following antivirus vendors' websites:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.q@mm.html
http://vil.nai.com/vil/content/v_136390.htm
http://uk.trendmicro-europe.com/consumer/vinfo/encyclopedia.php?VName=WORM_SOBER.AC
