Windows users, beware: as of Friday a variant of the well-known Sober family is out in the wild again. A virus author has once again "married" the concepts of bilingual viruses and Sober viruses and created the sixteenth variation of Sober, Sober.p (W32.sober.p@mm), also known as Sober.N (Sophos), Sober.S (Trend Micro), and Sober.O (Symantec).
Look out for the following registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "_WinStart" = C:\WINDOWS\Connection Wizard\Status\services.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run " WinStart" = C:\WINDOWS\Connection Wizard\Status\services.exe
And also the following files in these directories:
%Windows%\Connection Wizard\Status\fastso.ber
%System%\adcmmmmq.hjg
%System%\langeinf.lin
%System%\nonrunso.ber
%System%\seppelmx.smx
%System%\xcvfpokd.tqa
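One way to check a machine for the registry values and files listed above, as an added example that is not part of the original post. It assumes %Windows% and %System% correspond to $env:windir and its System32 subdirectory, and it only reports findings without changing anything.

```powershell
# Added example: indicator values are copied from the post above.
# Assumption: %Windows% = $env:windir and %System% = $env:windir\System32.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$dropDir = Join-Path $env:windir 'Connection Wizard\Status'
$sysDir  = Join-Path $env:windir 'System32'
$files   = @(
    (Join-Path $dropDir 'services.exe')
    (Join-Path $dropDir 'fastso.ber')
    (Join-Path $sysDir  'adcmmmmq.hjg')
    (Join-Path $sysDir  'langeinf.lin')
    (Join-Path $sysDir  'nonrunso.ber')
    (Join-Path $sysDir  'seppelmx.smx')
    (Join-Path $sysDir  'xcvfpokd.tqa')
)

$findings = @()

foreach ($path in $runKeys) {
    $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        # The post lists the value as "_WinStart" (HKCU) and " WinStart" (HKLM);
        # also flag any autorun whose data points at the dropped services.exe.
        $nameHit = $name -match '^[ _]WinStart$'
        $dataHit = $data -like '*\Connection Wizard\Status\services.exe*'
        if ($nameHit -or $dataHit) {
            $findings += [pscustomobject]@{
                Type = 'RunValue'; Location = $path; Detail = "'$name' = $data"
            }
        }
    }
}

foreach ($file in $files) {
    if (Test-Path -LiteralPath $file) {
        $findings += [pscustomobject]@{
            Type = 'File'; Location = Split-Path $file; Detail = Split-Path $file -Leaf
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No Sober.p indicators from this post were found.' }
```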
Quick Facts
Name: Sober.p (w32.sober.p@mm)
What it does: Sends e-mail in either German or English
Means of transmission: E-mail
How to recognize: German version involves World Cup events; English version mentions password information
Who is at risk: Windows users
Users of Linux, the Mac OS, and Unix are not affected by this outbreak. *smile*
2 Comments:
Thanks for the info, now I will really be more careful with my mails.
Hi there!
Oh yes... especially if you're on Windows, be extra careful. There are predictions of some nasty mail worms making their way onto the Internet in the next few months!