A new variant of the mass-mailing Sober worm has been discovered and is spreading among consumer PC users.
Sober.P, which operates in a similar fashion to other Sober worms, uses a subject header in an e-mail to try to entice people into opening an attachment. The virus then harvests e-mail addresses from the victim and directs a barrage of spam to those addresses.
"The social engineering has been very effective," said Craig Schmugar, virus research manager for McAfee Avert. "They will use German messages for German Windows users. They tell them they've won tickets to the World Cup, and that has been an effective (ploy) for that region."
View: W32/Sober Report @ McAfee
View: W32/Sober Report @ Symantec
Download: Symantec W32/Sober Removal Tool
News source: News.com
SharpMT 3.0 Beta 2 offers:
- Save drafts locally - save entries that you're working on to your local hard drive
- One button posting - send any of your drafts to the server with one button click
- Edit multiple drafts simultaneously - a tabbed interface allows multiple drafts to be open at the same time
- Multiple categories per post - select more than one category for each draft published to the server
- Standard tag support - add bold, italics, underline, and URL tags via tool bar, menu, or keyboard
- Spell checking support - built in spell checking module underlines misspelled words in red
- Download existing posts - download the title and entry of existing blog entries from your server and store it on your hard drive for linking and editing
- Edit server-based posts - download server-based entries, edit them, and then upload the changes to the server
- Sync-able links list - advanced download techniques will always minimize data request for new published posts
- Sync-able categories list - pull an updated category list from your server at anytime
- Sync-able text filters list - apply existing server based text filters for drafts
- MT specific creation - use MT's extended fields, such as publishing status, categories, and excerpts
- Integrated Preview - built in Previewing allows you to view your drafts based on an HTML template
- Upload Images - upload any of your local images to anywhere within your blog
- RSS Aggregator integration - start new Blog entries from the most popular RSS Aggregator applications
- MP3 Player integration - add "now playing" information into Drafts with WMP9's blogging plug-in
- Favorites integration - list of Favorites from IE available as insertable links
- Customizable tag support - change the tags generated for bold, underline, italics and ten custom tags
- Customizable toolbar images - change the look of SharpMT by changing two images
- Shell integration - double-clicking a draft file will open it in a SharpMT window
- Bookmarklet support - any URL that starts with sharpmt:// will be inserted into a new blog draft
- Updated UI - using the minimizing, docking and floating window support of .NET 2.0 for a modern interface
- Help system - a standard Windows based help system with comprehensive and detailed documentation
- Extendable interface - developers can add their own Plug-In by supporting the ISharpMTExtension

:waits patiently:
Today the scanner detects and removes the payload, but I'm noticing we are still getting a lot more spam this week than last.
Another trick they've started using:
They add this to the end of the message (COMPANYNAME replaced of course). Just another way to suck in the gullible.
*** Attachment-Scanner: Status OK
*** "COMPANYNAME" Anti-Virus
*** http://www.COMPANYNAME.com
SIDE NOTE: Why does the Symantec Removal Tool not mention this variant?
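A mail-filter check for the fake scanner footer quoted in the comment above, as an added example that is not part of the original article or comments. The extension list, function names and sample messages are assumptions constructed for illustration; only the footer text comes from the page.

```python
import re
from email import message_from_string
from email.message import EmailMessage, Message

# Footer format quoted in the comment; tolerant of spacing and case.
FAKE_SCAN_FOOTER = re.compile(
    r"^\*{3}\s*Attachment-Scanner:\s*Status\s+OK\s*$", re.I | re.M)
# Assumed set of attachment extensions to hold for a real scan.
RISKY_EXT = (".zip", ".exe", ".pif", ".scr", ".com", ".bat", ".cmd")


def body_text(msg: Message) -> str:
    """Join every text/plain part that is not itself an attachment."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode("utf-8", "replace"))
    return "\n".join(chunks)


def assess(raw_message: str) -> dict:
    """Flag mail whose body vouches for its own attachment.

    A scan verdict typed into the body is written by the sender, so it is
    treated as a warning sign rather than as evidence of a clean file.
    """
    msg = message_from_string(raw_message)
    claims = bool(FAKE_SCAN_FOOTER.search(body_text(msg)))
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    risky = [n for n in names if n.lower().endswith(RISKY_EXT)]
    return {"claims_scanned": claims, "risky_attachments": risky,
            "quarantine": claims and bool(risky)}


def build_sample(body: str, filename: str = "") -> str:
    """Constructed test message; addresses and file names are made up."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.org"
    m["Subject"] = "Constructed sample"
    m.set_content(body)
    if filename:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()


FOOTER = ('*** Attachment-Scanner: Status OK\n'
          '*** "COMPANYNAME" Anti-Virus\n*** http://www.COMPANYNAME.com\n')
```

The footer alone only sets `claims_scanned`; the message is quarantined when that claim arrives together with an attachment type the gateway should scan itself.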
To think that after all these years people still fall for fake subject lines and open attachments, and from total strangers no less. It boggles the mind...
I got 2 messages from service@aol.com containing the virus.
The Virus/Windows Update game continues!