VIRUS ADVISORY

[dee88]

What is it?

The 18th variant of the first Sober virus, W32/Sober.r@MM is a mass-mailing worm hiding inside a .ZIP attachment. When run, the worm displays fake error messages, infects the host computer and sends itself to stolen email addresses. Messages may come in German or English.

What you should look out for?

from: Varies

subject: English: Your new Password. German: Fwd: Klassentreffen

body: English: Your password was successfully changed! Please see the attached file for detailed information. German: ich hoffe jetzt mal das ich endlich die richtige person erwischt habe! ich habe jedenfalls mal unser klassenfoto von damals mit angehngt.

attachment: KlassenFoto.zip, pword_change.zip

How do you know if you have been infected?

Fake error messages displayed. Outgoing messages as noted above. Note: Receiving an email alert stating that the virus came from your email address is not necessarily an indication you are infected. Mass-mailing viruses often or "spoof" the from address.

What can you do?

keep your anti-virus protection up to date

edit - new virus alert

CURRENT THREAT W32/IRCbot.worm!MS05-039

High Risk

What is it?

A fast-spreading Internet Relay Chat (IRC) bot worm affecting systems worldwide, W32/IRCbot.worm!MS05-039 exploits a recently announced Microsoft operating system vulnerability to spread and possibly help a remote hacker control an infected system.

You can be infected simply by going online. Once infected, your system may continually reboot.

What you can do

make sure you have the latest virus definition updates installed and perating system patches.

How do I know if I've been infected

The virus copies itself to the Windows System directory (e.g. C:\Windows\System32\ on Windows XP) as WINTBP.EXE. The file can be run automatically by exploiting the MS05-039 vulnerability or by a user directly executing the worm

Edited October 7, 2005 by dee88

[xper]

11. Please refrain from using CAPITALIZATIONS in the topic title or when participating in threads because they will not attract attention - instead it will annoy many of MSFN's members.

Anyway, thanks for the news.

Moved to Technology News.