2 New Bogus "Virus Fixes"

 
 
Reply Wed 29 Oct, 2003 08:15 pm
If you should receive an e-mail that looks like this:

http://www.able2know.com/gallery/albums/userpics/10156/normal_Oct_29_001A.JPG

DELETE IT IMMEDIATELY and DO NOT CLICK ANY OF THE LINKS IN THE MESSAGE!

This scam has been out there about a month now, mostly in Europe and in Newsgroups, but I've started coming across it on the computers of local clients. Be advised: Microsoft DOES NOT ISSUE E-MAIL UPDATE ALERTS.

Also making the rounds is "SOBER", which will appear to be an e-mail from someone you know warning you of a worm.

Quote:
New Worm Spreads By Posing As Virus Fix
Wed Oct 29, 3:35 AM ET, TechWeb

A new worm is making the rounds, which poses as a virus fix to tempt users to open the attached file.

The worm, dubbed Sober by security firms, spreads via e-mail, contains a host of different subject lines in both German and English, and delivers its payload via an attached file that claims to be a fix for a bogus worm.


Among the subject lines seen in copies of the worm are those that prey upon users' fears of security problems, such as "A worm is on your computer," "You have sent me a virus," and "New Sobig-Worm variation (please read)."


The attached file can be disguised with .exe, .scr, .bat, or .pif extensions. Opening the file propagates the worm to the target PC.


Sober has had its greatest impact in Europe, particularly the U.K. and Germany, and is currently considered a low or medium risk by most security firms. Symantec, for instance, ranks it as a '2' in its 1 through 5 scale.
The Article


Quote:
Wednesday 29th October 2003


Sober virus on popular European tour
PC PRO OnLine 16:28

The Sober virus - discovered on Monday - now accounts for 50 per cent of reported incidents, warns Sophos, and is continuing its rise throughout the UK and Germany.
Carole Theriault, security consultant at Sophos, said that on Monday, Sober reports accounted for 20 per cent, but that level has now reached 50 per cent.

'It's a fairly obvious worm,' she said, but she had an idea why the virus was still spreading. 'These worms play on computer users' fears and can be difficult to spot with email subject lines and messages chosen at random.'

The subject lines and messages are either in German or English, depending on the domain of the recipient's email address, but Theriault suspected the virus originated in Germany, as the English is so poor, while the German versions are more coherent.

One of the messages praises the writer of the SoBig virus: 'Congratulations!! Your Sobig Worms are very good!!!You are a very good programmer! Yours faithfully Odin alias Anon,' it reads.

It spreads by sending itself on to addresses found on the victim's computer, but is not otherwise malicious.

Theriault also warned that without updated antivirus software, the worm can be very difficult to remove.

It installs itself using two files that watch over each other, so if you try to delete one of them, the other automatically reinstalls it. 'You've got to try and stop them both together,' she said, 'which makes it very difficult to delete manually.'

For more information, visit the SOPHOS website.




Get, use, and keep updated, a reputable Anti-Virus program.
Type: Discussion • Score: 1 • Views: 1,633 • Replies: 11
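
A mail-triage check built from the indicators in the article quoted above (the four attachment extensions and the three subject lines), as an added example that is not part of the original thread. The function names, the sample addresses and the quarantine/review/pass labels are assumptions, and the sample messages are constructed with a harmless placeholder payload.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the article quoted in the post above.
RISKY_EXTENSIONS = {".exe", ".scr", ".bat", ".pif"}
LURE_SUBJECTS = {
    "a worm is on your computer",
    "you have sent me a virus",
    "new sobig-worm variation (please read)",
}

def risky_attachments(msg):
    """Return attachment filenames whose final extension is on the risky list."""
    hits = []
    for part in msg.iter_attachments():
        # Windows ignores trailing dots and spaces, so strip them first.
        name = (part.get_filename() or "").rstrip(". ")
        dot = name.rfind(".")
        if dot != -1 and name[dot:].lower() in RISKY_EXTENSIONS:
            hits.append(name)
    return hits

def triage(raw_bytes):
    """Classify a raw message as 'quarantine', 'review' or 'pass'."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    if risky_attachments(msg):
        return "quarantine"
    subject = " ".join(str(msg.get("Subject", "")).lower().split())
    if subject.rstrip("!., ") in LURE_SUBJECTS:
        return "review"
    return "pass"

def build_sample(subject, filename=None):
    """Build a constructed sample message with a harmless placeholder payload."""
    m = EmailMessage()
    m["From"] = "friend@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Please run the attached fix.")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fname in [("A worm is on your computer", "fix.PIF"),
                        ("You have sent me a virus", None),
                        ("Meeting notes", "notes.txt")]:
        print(subj, "->", triage(build_sample(subj, fname)))
```

Checking only the final extension is what catches double-extension names such as `photos.jpg.scr`, which display as an image when the file manager hides known extensions.
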

 
angie
 
  1  
Reply Wed 29 Oct, 2003 08:42 pm
thanks so much for the heads-up.


some people just have way too much time on their hands I guess.
0 Replies
 
shawna
 
  1  
Reply Sun 2 Nov, 2003 08:56 am
Thank you for taking the time to share this with the rest of us. Good lookin-out

Shawna
0 Replies
 
dlowan
 
  1  
Reply Sun 2 Nov, 2003 02:45 pm
Hmm - I got the microsoft one yesterday - but since I get automatic updates, and have never received email from Microsoft, I deleted it.

But - why didn't my Norton say something? It is automatically updated, too.
0 Replies
 
Craven de Kere
 
  1  
Reply Sun 2 Nov, 2003 05:55 pm
The emails themselves aren't viruses and might not even have them attached (requiring that you are tricked into clicking and downloading it).
0 Replies
 
dlowan
 
  1  
Reply Sun 2 Nov, 2003 09:59 pm
aha!
0 Replies
 
timberlandko
 
  1  
Reply Sun 2 Nov, 2003 11:25 pm
Yeah, bunny ... that's the whole thing about not opening attachments or clicking links from e-mails you are not certain of. If an email contains an attachment, it is good practice to save the attachment to a designated desktop folder, without opening it. Then point your virus scanner to that folder and have it examine the saved file. The "Help" feature of your anti-virus software, or on its vendor's website support pages, will give you clear instructions how to do this.
0 Replies
 
InfraBlue
 
  1  
Reply Sun 2 Nov, 2003 11:39 pm
Norton AntiVirus has a feature that scans emails for viruses, and alerts you to their presence.

Also, NAV updated its virus definitions three times in the last two days. I wonder if it has anything to do with those emails.
0 Replies
 
Monger
 
  1  
Reply Mon 3 Nov, 2003 12:15 am
No, it doesn't. Not that first one anyway. As Timber said it's been out for over a month now. I started seeing that one the day after it surfaced. :mad: Surprisingly, I don't yet know anyone who's fallen for it.
0 Replies
 
timberlandko
 
  1  
Reply Mon 3 Nov, 2003 01:17 am
Monger, Stinger was updated late Friday, with several revisions. Just to be ready, you might wanna download the new version.
0 Replies
 
Monger
 
  1  
Reply Mon 3 Nov, 2003 01:28 am
Yeah Stinger is great, I keep the latest version on my tools CD which comes along whenever I'm working on PCs.
0 Replies
 
timberlandko
 
  1  
Reply Mon 3 Nov, 2003 02:02 am
Ya still oughtta do a "find file *xxx*.*" search on all drives and go through a regedit check just to make sure, IMHO. Still, heuristics are getting better and better. Now, if folks would just quit clicking "You gotta see this" e-mail links and opening attachments they don't know for sure are from folks who meant to send 'em .... :wink:
0 Replies
 
 
