Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: New Sober variant in the wild - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New Sober variant in the wild
Yesterday we got some messages about a possible new variant of the Sober virus to be released today. The F-Secure Weblog was one of the sources that posted a press release of the Bavarian Police warning about the new variant. And looks like they got it right...At least according Symantec (calling Sober.S) and F-Secure (calling Sober.V) and CA (calling it Sober.S).
According the first reports received , is is spreading with an email with something that looks like a zipped excel attachment. But, Symantec only says about a zipped one...so I imagine that could be alot of different extensions.
The subject and body may be in english or german. Like the following subjects:

  • Thanks for your registration.
  • Hi, Ich bin's

So, watch out and warn your users.
Thanks to Juha-Matti adn Alex for the updates on this.

Update: McAfee reports 3 different variants since yesterday (which may be today according your time zone...)
Sober.U
Sober.V
Sober.T

--------------------------------------------------------------
Handler on Duty: Pedro Bueno (pbueno //%%// isc. sans. org)
Pedro

155 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!