TrendLabs has received several reports regarding this new SOBER variant that is currently spreading in Germany and the United States.
This worm spreads by mass-mailing copies of itself to target recipients. Using social engineering techniques, it sends out an email supposedly sent by the soccer organization FIFA, informing recipients that they have won tickets for the upcoming FIFA World Cup 2006 in Germany.
Social engineering, a propagation technique that is widely utilized by most worm programs, invests largely on computer users’ instinctive tendency to open email messages, execute attachments that are enticing and apparently harmless, and download and unknowingly open attractively named files.
TrendLabs is working to provide a more in-depth analysis of this malware. Details will be posted shortly.
Description created: 2005-05-02
Description updated: 2005-05-02
http://de.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?VName=WORM_SOBER.S
(FROM): %spoofed%
SUBJECT:
Re: Your Password
Re: Registration Confirmation
Re: Your email was blocked
Re: mailing error
FwD: Ihr Passwort
FwD: Ihre E-Mail wurde verweigert
FwD: Ich bin’s, was zum lachen
FwD: Glueckwunsch: Ihr WM Ticket
FwD: WM Ticket Verlosung
FwD: WM-Ticket-Auslosung
BODY:
Account and Password Information are attached!
Visit: http://www…com
This is an automatically generated E-Mail Delivery Status Notification.
Mail-Header, Mail-Body and Error Description are attached
Attachment-Scanner: Status OK,AntiVirus:
No Virus found,Server- AntiVirus: No Virus (Clean)
Passwort und Benutzer-Informationen befinden sich in der beigefuegten Anlage.
- http://www.
- MailTo: PasswordHelp@
**** AntiVirus: Kein Virus gefunden
**** “GMX” AntiVirus Service
**** WebSite: http://www.gmx.de
*** AntiVirus: No Virus found
*** “HBEDV” Anti-Virus
*** http://www.hbedv.com
(ATTACHMENT):
mail_info.zip
our_secret.zip
Fifa_Info-Text.zip
okTicket-info.zip
free_PassWort-Info.zip
Winzipped-Text_Data.txt.exe
Winzipped-Text_Data.txt.pif
http://www.antivir.de/de/vireninfos/index.html
http://de.mcafee.com/virusInfo/default.asp?id=description&virus_k=133409
I think the major thing here is not to panic and exercise safe hex, i.e., don’t go opening email attachments from unknown sources and even then unexpected emails with attachments.
;D
Doing its rounds in New Zealand. Received 3 in 1 hour so far.
Don’t open or Run the attached EXE file in the Zipped File.
Zipped file name:= our_secret.zip
Attached File:= winzipped-text_data . txt . exe
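A mail-gateway style check for the pattern reported in this thread (a zip archive carrying a `.txt.exe` / `.txt.pif` file), written as an added example that is not part of the original posts or of TrendLabs' description. The archive names come from the attachment list above; the two extension sets and the `build_sample` helper are assumptions, and the sample message is constructed with harmless placeholder bytes.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Archive names taken from the attachment list in this thread (lower-cased).
SOBER_ARCHIVES = {"mail_info.zip", "our_secret.zip", "fifa_info-text.zip",
                  "okticket-info.zip", "free_passwort-info.zip"}
EXECUTABLE_EXT = {"exe", "pif", "scr", "com", "bat", "cmd"}  # assumed set
DECOY_EXT = {"txt", "doc", "pdf", "jpg", "htm", "html"}      # assumed set

def is_double_extension(name):
    """True for names like 'x.txt.exe', also when padded as 'x . txt . exe'."""
    parts = [p.strip().lower() for p in name.split(".")]
    return (len(parts) >= 3 and parts[-1] in EXECUTABLE_EXT
            and parts[-2] in DECOY_EXT)

def scan_message(raw):
    """Return a sorted list of findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = set()
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").strip()
        if fname.lower() in SOBER_ARCHIVES:
            findings.add("known-archive-name:" + fname)
        if is_double_extension(fname):
            findings.add("double-extension:" + fname)
        data = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():  # names only, nothing is extracted
                    if is_double_extension(member):
                        findings.add("double-extension-in-zip:" + member)
    return sorted(findings)

def build_sample(zip_name, member_name):
    """Constructed test message; the zip member is placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder, not an executable")
    msg = EmailMessage()
    msg["Subject"] = "Re: Your Password"
    msg.set_content("Account and Password Information are attached!")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample("our_secret.zip", "Winzipped-Text_Data.txt.exe")))
```

The double-extension rule is the more durable of the two checks, since the archive name list only covers the names reported here.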