New Sober yet again

I read that a new Sober came out yesterday, some places call it Sober-Q. Why wasn’t avast! updated for this yet? Is it not a big enough threat or something? Read some have reported already getting it in a few emails. :o

Avast is not the only one not detecting it. So maybe it is not so important. I received several spam mails from Sober.q infected PCs, but not as many as I received from Sober.p.

AntiVir Found Worm/Sober.gen
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Win32.Sober.Q@mm
ClamAV Found Worm.Sober.Q
Dr.Web Found modification of Win32.HLLM.Generic.345
F-Prot Antivirus Found W32/Sober.corr
Fortinet Found nothing
Kaspersky Anti-Virus Found Email-Worm.Win32.Sober.q
mks_vir Found nothing
NOD32 Found Win32/Sober.P
Norman Virus Control Found nothing
VBA32 Found Email-Worm.Win32.Sober.q

Maybe it’s time to update avast! :) The last update is 4 days old.

That’s the reason I insist on daily updates.

Come on guys get realistic, new virus came out yesterday (Sunday), why hasn’t avast got it on VPS yet?

New viruses or variations are coming out all the time and it does take time for avast to get a copy of the complete virus so it can identify the signature and decide the action to take (add another specific signature or does it have things in common with the sober family so a generic signature would prove more effective). Then it has to be added to the VPS file and distributed in the form of an update.

There isn’t some sort of central database that every AV company can dip into and I doubt that there is much cross company collaboration between competing AV companies. avast should get feedback from its participation in Jotti, that too will have a short delay.

In the meantime, exercise safe hex, don’t go opening email attachments from unknown sources. The distribution method common with the sober family is by email attachment.

In Italy the most diffused infection these days is the variant M in its various forms. Watching the HackerWatch website, it seems there are 3 typical centers of infection: USA, Russia and Hong Kong. The best thing to do (and the easiest) is DO NOT OPEN ATTACHED FILES. I really think that we, customers and consumers of the web, are the most important factor of danger with our silly behavior! ;D

David,
completely agree with your wise words.

The latest avast virus update 16th May, contains “Win32:Sober-O”. So that must be the latest sober threat!

Been saying that for almost a year now. :) Not only does Dr. Web get updated 7 days a week, it’s more like 10+ times a day. AVK Pro is mostly hourly, VBA32 is at least once a day, etc.
I like to know an AV I’m using gets updated often to help stop the risk of my PC from catching some newer virus.

I think that there were 5 updates last week, so I don’t believe there isn’t a real schedule, but a release as required and probably dependent on threat/severity.

I still think that 80% or more of your system security is common sense based.

No, every day plus as needed. So you get 1 update every day plus more if necessary.
If you don’t have heuristics or string generic engine you HAVE TO work that way.

Well even 5 days a week is better than 1-2 days a week. Heck, McAfee, even though it went daily (5 days a week), is still weekly for home users and that’s not good enough at all.
The way viruses are nowadays, all AVs need to be updated daily all the time. We have viruses that get you as long as your PC is connected to the net. There are email viruses that now try to install themselves even if you didn’t open the email attachment, etc. New viruses are showing up more and more each day and are spreading faster than ever.

ArcaVir 2005 goofed up about a week ago where they didn’t update for a few days and so it wasn’t ready for Sober-P (Sober-N for avast!) and that ticked off a lot of their users. A number of them switched to a different AV over this and a few other things. Some went to NOD32 and others went to Dr. Web. But ArcaBit said “Oops sorry, we’ll try to never let that happen again!” But overall the damage had been done.

Yes avast! is great at getting out updates when needed but I still think all AVs should go daily 100%

Statistics say (first months of the year) that most new malware is not properly viruses but spyware and worms. For most crackers, what is important is the theft of our personal data or the “zombification” of our little home PCs in order to create massive attacks on the great companies. Honestly (as said here by DavidR and many of us users in other parts of the forum), common sense is sufficient to avoid most traps, in my opinion.

The latest update got a lot of VDF in it, go and see for yourself:

http://www.avast.com/eng/vps_history.html

This should make up for the four days without updates. ;D

I think there is serious need to add sober-q to the virus definitions. Here in Germany even the news media are reporting on it. (And that rarely happens.) Obviously German inboxes are flooded with it. (Though I haven’t been affected yet.) Yet sober-q has become a serious threat - please alwil, react!

The new sober appears to be pretty bad down on the west coast of Florida near Tampa. We’ve had media attention on it and my company appears to be infected. Symantec is calling it Trojan.Ascetic.C (with lots of other names, W32.Sober.P / O / Q / U etc.). (There is no attachment to the emails.)

Unfortunately it isn’t helping with the problem. We have various people on our network receiving the German emails (you are made slave - was the translation of one of them…fun). One of the workers’ email appears to be sending the mails out, since he keeps receiving undelivered mail reports that are the new sober emails. The whole system seems infected since some of the mails come from made up emails from our domain.

It’s strange though since none of the files that Symantec claims sober adds are on the computers that appear infected or on the company/mail server.

Hmm, well as you know, it’s quite common to discover new viruses like the Sober and Sasser worms these days ’cause the people who make these viruses have no life. But to be honest, if it wasn’t for them making these viruses, avast! wouldn’t much exist. ;D

I don’t get it. Has Sober-Q become part of the vdf or not? (Maybe another name was used?) And if not - why not? I mean this thing is “in the wildest”! This whole topic doesn’t cast any good light on alwil. Comments? :-\

Of course it has - it’s called Win32:Sober-O [Wrm].

I think that you should bookmark this link for the future - http://www.virusbtn.com/resources/vgrep/index.xml it will help with aliases of viruses, since there is no common standard/convention for virus names. Unfortunately there is a delay from a new virus being detected to being included in this database.
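
The naming mismatch this thread keeps running into (Sober-Q in some places, Win32:Sober-O in avast!, Sober.P in NOD32) shows up when the scan results posted earlier are grouped by the variant letter each scanner reports. The Python below is an added example, not part of any forum post; the function names and the rule that a one-letter suffix after "Sober" is a variant letter are assumptions made for illustration.

```python
import re
from collections import defaultdict
# Scan results as posted earlier in this thread (scanner, "Found", verdict).
REPORT = """\
AntiVir Found Worm/Sober.gen
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Win32.Sober.Q@mm
ClamAV Found Worm.Sober.Q
Dr.Web Found modification of Win32.HLLM.Generic.345
F-Prot Antivirus Found W32/Sober.corr
Fortinet Found nothing
Kaspersky Anti-Virus Found Email-Worm.Win32.Sober.q
mks_vir Found nothing
NOD32 Found Win32/Sober.P
Norman Virus Control Found nothing
VBA32 Found Email-Worm.Win32.Sober.q
"""

# Assumption: a one-letter suffix after "Sober" is a variant letter; longer tags are generic.
SOBER = re.compile(r"Sober[.\-]([A-Za-z]+)", re.IGNORECASE)

def sober_variant(name):
    m = SOBER.search(name)
    if not m:
        return None  # not named as Sober at all
    tag = m.group(1)
    return ("variant", tag.upper()) if len(tag) == 1 else ("generic", tag.lower())

def summarize(report):
    out = {"missed": [], "variant": defaultdict(list), "generic": [], "other_name": []}
    for line in report.strip().splitlines():
        scanner, sep, verdict = line.partition(" Found ")
        if not sep:
            continue  # not a result line
        if verdict.strip().lower() == "nothing":
            out["missed"].append(scanner)
            continue
        parsed = sober_variant(verdict)
        if parsed is None:
            out["other_name"].append(scanner)  # detected, but not named Sober
        elif parsed[0] == "variant":
            out["variant"][parsed[1]].append(scanner)
        else:
            out["generic"].append(scanner)
    return out

if __name__ == "__main__":
    s = summarize(REPORT)
    print(dict(s["variant"]), s["generic"], s["other_name"], s["missed"])
```

Grouping by reported letter rather than comparing raw names makes it clear that a different letter from another vendor does not by itself mean a different sample.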