Sharing Security Developments, and Best Practices for corporate and home users
Most Sober variants can spread quickly, because this family of viruses combines advanced social engineering with advanced technical characteristics.
http://secunia.com/virus_information/17277/sober.n/
http://secunia.com/virus_information/16824/win32.sober.m/
W32.Sober.N@mm is a mass-mailing worm that uses its own SMTP engine to spread. It sends itself as an email attachment to addresses gathered from the compromised computer. The email may be in either English or German.
Subject of email: FwD: Ich bin's nochmal or I've_got your EMail on my_account!
Name of attachment: Private-Texte.zip or your_text.zip
Size of attachment: 73,541 bytes
Ports: TCP port 21
Compromises security settings: Attempts to terminate security-related processes.
Quote:
EMAIL Format -- German version
From: <Spoofed>
Subject: FwD: Ich bin's nochmal
Message: Verdammt,,,,ich hatte vergessen Dir meinen Text mitzuschicken.Aber bitte nicht woanders darueber Reden, ich wuerde mich dann zu Tode blamieren! Ich melde mich. Bis bald
Attachment: Private-Texte.zip
Quote:
EMAIL Format -- English version
From: <Spoofed>
Subject: I've_got your EMail on my_account!
Message: Hello, First, Very Sorry for my bad English. Someone is sending your private e-mails on my address. It's probably an e-mail provider error! At time, I've got over 10 mails on my account, but the recipient are you. I have copied all the mail text in the windows text-editor for you & zipped then. Make sure, that this mails don't come in my mail-box again. bye
Attachment: your_text.zip
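
The indicators listed above can be checked at a mail gateway. The following is an added example, not part of the original advisory: it parses a raw message and reports which of the page's indicators (subject, attachment name, attachment size) match. The function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the advisory text; From is spoofed, so it is ignored.
SUBJECTS = {"fwd: ich bin's nochmal", "i've_got your email on my_account!"}
ATTACHMENTS = {"private-texte.zip", "your_text.zip"}
ATTACHMENT_SIZE = 73541  # bytes


def sober_n_indicators(raw: bytes) -> list:
    """Return which Sober.N indicators a raw RFC 5322 message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if str(msg["Subject"] or "").strip().casefold() in SUBJECTS:
        hits.append("subject")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").casefold() not in ATTACHMENTS:
            continue
        hits.append("attachment-name")
        body = part.get_payload(decode=True) or b""
        if len(body) == ATTACHMENT_SIZE:
            hits.append("attachment-size")
    return hits


def build_sample(subject: str, filename: str, size: int) -> bytes:
    """Constructed test message: the attachment is zero bytes, not malware."""
    msg = EmailMessage()
    msg["From"] = "someone@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    msg.add_attachment(b"\x00" * size, maintype="application",
                       subtype="zip", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample("I've_got your EMail on my_account!",
                          "your_text.zip", ATTACHMENT_SIZE)
    print(sober_n_indicators(sample))
```

A message that matches the subject and attachment name but not the exact size still deserves review, since the size check only matches the unmodified attachment described on this page.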