VIRUS ALERTS

Worm Sober.p

Another variant of the Sober worm, known as Sober.p, has been observed spreading rapidly in the wild. Its aliases are sober.n (Sophos), sober.o (Symantec), sober.v (Panda Software), W32/Sober.p@MM (McAfee) and sober.s (Trend Micro). The worm sends different types of e-mail messages with English and German text and an attachment. The attachment is a ZIP archive, such as account_info.zip, autoemail-text.zip, LOL.zip, Fifa_Info-Text.zip, mail_info.zip, okTicket-info.zip, our_secret.zip or PassWort-Info.zip, containing the worm's executable. The worm spreads by mass-mailing copies of itself using its own SMTP (Simple Mail Transfer Protocol) engine. It gathers its target recipients from files with certain file extensions.

Using social engineering techniques, it sends out an e-mail purporting to come from the soccer organization FIFA, informing recipients that they have won tickets for the upcoming FIFA World Cup 2006 in Germany. It also sends e-mail messages in English or in German, depending on the country-level domains of the gathered addresses. When the worm is run on a computer, it displays a fake WinZip Self-Extractor error: "Error:CRC not completed".
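A mail-gateway style check for the attachment pattern described above, added here as an example and not part of the CERT-In alert: it flags ZIP attachments whose name is on the alert's list or whose archive holds an executable member. The executable-extension list, the function names and the sample message builder are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment names listed in this alert (compared case-insensitively).
SOBER_P_ZIP_NAMES = {n.lower() for n in (
    "account_info.zip", "autoemail-text.zip", "LOL.zip", "Fifa_Info-Text.zip",
    "mail_info.zip", "okTicket-info.zip", "our_secret.zip", "PassWort-Info.zip",
)}
# Assumption: extensions this filter treats as executable (not taken from the alert).
EXECUTABLE_EXTS = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd")


def inspect_message(raw: bytes) -> list:
    """Return one finding per ZIP attachment with a listed name or an executable inside."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        if not name.lower().endswith(".zip"):
            continue
        payload = part.get_payload(decode=True) or b""
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                exes = [m for m in zf.namelist() if m.lower().endswith(EXECUTABLE_EXTS)]
            readable = True
        except zipfile.BadZipFile:
            # A listed name on an unreadable archive is still reported below.
            exes, readable = [], False
        name_hit = name.lower() in SOBER_P_ZIP_NAMES
        if name_hit or exes:
            findings.append({"attachment": name, "name_match": name_hit,
                             "executables": exes, "readable_zip": readable})
    return findings


def build_sample(zip_name: str, member: str) -> bytes:
    """Constructed test message: a ZIP holding one harmless placeholder member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not malware")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.test", "b@example.test", "constructed sample"
    msg.set_content("constructed body")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=zip_name)
    return msg.as_bytes()
```

Matching on the archive contents as well as the file name keeps the check useful when a message uses an attachment name that is not on the list.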

For further details and instructions regarding disinfection, refer to the following URLs:

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91 11-24368572

Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003