
SANS ISC InfoSec Handlers Diary Blog



SoberD@MM from spoofed Microsoft email addresses, new version of Netsky

Published: 2004-03-08
Last Updated: 2004-03-08 13:11:18 UTC
by Patrick Nolan (Version: 1)
SoberD@MM

AV vendors are releasing signatures for SoberD, a new mass mailer with an attached executable or zip file. The email's subject line is "Microsoft Alert: Please Read!" or "Microsoft Alarm: Bitte Lesen!"

Check with your AV vendor for signature updates.

http://vil.nai.com/vil/content/v_101081.htm
http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.d@mm.html
http://www.f-secure.com/v-descs/sober_d.shtml

The body of the English version of the SoberD email starts with:
"New MyDoom Virus Variant Detected!

A new variant of the W32.Mydoom (W32.Novarg) worm spread rapidly .........:"

New version of Netsky

Netsky has a new version, which Symantec calls W32.Netsky.I@mm. The new version was discovered today and Symantec has released an updated definition for it. This version does the same as the rest; however, its subject lines make it more enticing for a user to open. The From line is service@yahoo.com, and the message uses one of three different subject or body lines that lead the user to believe their account with Yahoo has been closed. The attachment is made to look like a valid link to Yahoo that the user can click on to reactivate their account.

For more information see:

http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.i@mm.html

Handler on Duty: Lorna Hutcheson
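
An added example, not part of the original diary or any vendor's code: a Python mail-gateway check that flags messages matching the two descriptions above (the SoberD subject lines with an executable or zip attachment, and mail from service@yahoo.com carrying an attachment). The extension list, function names and sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Subject lines and From address quoted in the diary entry.
SOBER_D_SUBJECTS = {"microsoft alert: please read!", "microsoft alarm: bitte lesen!"}
NETSKY_I_FROM = "service@yahoo.com"
# Assumption: extensions this gateway treats as executable or archive content.
RISKY_EXT = (".exe", ".zip", ".com", ".pif", ".scr")


def triage(raw_bytes):
    """Return the reasons (possibly none) a raw RFC 822 message is suspicious."""
    # policy.default decodes RFC 2047 encoded-word subjects before comparison.
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    from_hdr = msg.get("From")
    senders = {a.addr_spec.lower() for a in from_hdr.addresses} if from_hdr else set()
    # walk() visits nested MIME parts, so attachments inside sub-multiparts count.
    names = [p.get_filename().lower() for p in msg.walk() if p.get_filename()]
    risky = [n for n in names if n.endswith(RISKY_EXT)]

    reasons = []
    if subject in SOBER_D_SUBJECTS and risky:
        reasons.append("SoberD: alert subject with executable/zip attachment")
    if NETSKY_I_FROM in senders and names:
        reasons.append("Netsky.I: service@yahoo.com sender with attachment")
    return reasons


def build_sample(sender, subject, filename=None):
    """Build a constructed sample message (not captured mail) as raw bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", subject
    m.set_content("constructed body text")
    if filename:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    samples = [
        build_sample("Alerts <alert@microsoft.example>", "Microsoft Alert: Please Read!", "patch.zip"),
        build_sample("service@yahoo.com", "Constructed subject", "reactivate.example.com"),
        build_sample("colleague@example.org", "Lunch on Friday?"),
    ]
    for raw in samples:
        print(triage(raw) or "no match")
```

Subject and sender matches alone are weak signals because both worms spoof these fields; the check is meant to quarantine for review alongside updated AV signatures, not to replace them.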