Monday, April 30, 2007 2:06 PM cmosby

Symantec Security Response Weblog: A Sobering Thought

 I saw one of those here today, so be on the lookout.

A Sobering Thought

Since late yesterday we have seen a marked increase in the activity of a new Sober variant doing the rounds.
A new variant of Sober named W32.Sober.AA@mm is currently being spammed out to many users around the world.
The spam can be either in English or German and uses classic social engineering techniques to trick users into opening and running the attachments.

The emails sent have the following characteristics:

Subject:
Ihr Passwort wurde geaendert!
Fehlerhafte Mailzustellung
Ihr Account wurde eingerichtet!
Your Updated Password!
Error in your eMail

Message:
Ihr Passwort wurde erfolgreich geaendert.
Ihre neuen Account-Daten und Passwort befinden sich gesichert im Anhang!

or

Diese Nachricht wurde Automatisch generiert.
- Ihre EMail konnte nicht empfangen oder gesendet werden.

or

Danke das Sie sich fuer uns entschieden haben
Um ihren neuen Account zu aktivieren, folgen sie der kurzen Anleitung im Anhang. Es sind nur 2 Schritte noetig!

or

You notified us that you have forgotten your password.
We have changed your password to a random sequence of letters and digits!
For more detailed information, see the attached password file ...

or

Your eMail has occurred an unknown error on our Server.
Please read your mail and check the text.
The full email is attached!

Attachment Names:
Passw_Data[RANDOM DIGITS].zip
PDaten[RANDOM DIGITS].zip
Mail_Data[RANDOM DIGITS].zip
Anleitung[RANDOM DIGITS].zip

The file inside the attachment is:
Winzipped_Data-Files.exe

Symantec customers have been protected since April 8, 2007 with the threat being detected as W32.Sober@mm.
Detections with Rapid Release Sequence of 67895 or greater (April 30, 2007) will detect this threat as W32.Sober.AA@mm.
Users of spam filtering will also be protected, since rules have been created to filter out these emails.

It has been a while since we last saw significant activity in this family of worms. The last named variant was back in 2005. Just like fashion, things often go out of style, only to make a comeback later. Could this be the comeback of Sober?

As usual, the advice is to not open email attachments from unexpected sources, even if they appear to be legitimate.

Posted by Hon Lau on April 30, 2007 05:00 AM

Source: Symantec Security Response Weblog: A Sobering Thought
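
The indicators listed in the advisory (subject lines, attachment name patterns and the file inside the archive) can be turned into a mail-gateway check. The sketch below is an added example, not code from Symantec or the original post. It assumes "[RANDOM DIGITS]" means one or more decimal digits and that names compare case-insensitively; `scan_message` and `build_sample` are hypothetical names, and the sample message is constructed with harmless placeholder bytes.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from the advisory text above.
SUBJECTS = {
    "Ihr Passwort wurde geaendert!",
    "Fehlerhafte Mailzustellung",
    "Ihr Account wurde eingerichtet!",
    "Your Updated Password!",
    "Error in your eMail",
}
# Assumption: "[RANDOM DIGITS]" is one or more digits; case is ignored.
ATTACHMENT_RE = re.compile(r"^(Passw_Data|PDaten|Mail_Data|Anleitung)\d+\.zip$", re.I)
INNER_NAME = "winzipped_data-files.exe"

def scan_message(raw: bytes) -> list:
    """Return the advisory indicators found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if str(msg["Subject"] or "").strip() in SUBJECTS:
        hits.append("subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not ATTACHMENT_RE.match(name):
            continue
        hits.append("attachment-name")
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                members = [n.rsplit("/", 1)[-1].lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            continue  # name matched but archive unreadable; keep the name hit
        if INNER_NAME in members:
            hits.append("inner-file")
    return hits

def build_sample(subject: str, filename: str, member: str) -> bytes:
    """Constructed test message; the archive member is placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not a real executable")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("You notified us that you have forgotten your password.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=filename)
    return msg.as_bytes()
```

A message that matches all three indicators is a strong candidate for quarantine; a subject-only match is weaker, since those subject lines are generic.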
