|
 |
|
 |
| Sunday, September 05, 2010
|
| Register Login |
 |
|
|
|
|
Users currently online
|
 |
|
|
|
 |
Membership: |
 |
Latest:
SullyC |
 |
New Today:
0 |
 |
New Yesterday:
0 |
 |
Overall:
53 |
 |
People Online: |
 |
Visitors:
1 |
 |
Members:
0 |
 |
Total:
1 |
Online Now:
|
|
|
|
|
|
|
|
|
|
Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum . You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....
But at least it's all here.
Enjoy!
|
|
|
|
|
|
Viruswarn Forums
|
|
|
|
|
| You are not authorized to post a reply.
|
|
| Author |
Messages |
|
Lee Drake
Posts:238
 |
| 05/04/2005 8:38 AM |
|
| What it is
A new variant of the SOBER worm (Sober.O by Symantec, Sober.P by McAfee, Sober.S By Trend Micro) is wreaking havoc with mail servers this morning. I had no less than 25 copies in my inbox this morning. Sober is an old worm and this one doesn't have any particular new tricks, other than a more aggressive list of places to look for email addresses. Like most mass mailing worms these days it's contained in a .ZIP file. When you open the zip file the internal file is named with a random name.txt, then a large number of spaces, then .exe. In the winzip extraction window the file extension is cut off, so a person who thinks they're opening a txt file is actually running an executable:
somerandomname.txt .exe
When they double click on the file it runs the virus which installs itself on your system. As usual there are a variety of different subject headers to try to fool you into believing the zip file is something important you have to open.
What you should do
Updated virus signatures will catch this one at the front door. If you're opening files with a .ZIP extension, don't just double click on the listing for files in the winzip window. Extract the file to a separate directory and examine it carefully to be sure it's exactly what you expect. Never open zip files that you are not expecting to get. It's a good idea to verify with the sending person that they sent the file before opening it.
If you do have the virus, it will disable many anti-virus programs. You'll need to reinstall your antivirus after cleaning the file.
Additional Resources
Norton SARC listing: http://www.sarc.com/avcenter/venc/data/w32.sober.o@mm.html
McAfee: http://vil.mcafeesecurity.com/vil/content/v_133409.htm
Trend Micro: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBER.S
Norton Sober cleanup tool: http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.removal.tool.html
McAfee Stinger: http://vil.mcafeesecurity.com/vil/averttools.asp
Trend Micro Sysclean tool: http://www.trendmicro.com/download/dcs.asp
This concludes this viruswarning notice.
Lee Drake
Aztek Computer Solutions, Inc.
274 Goodman Street North Suite B269
Rochester, NY 14607
www.azcomputer.net
ldrake@azcomputer.net
Phone: 585-242-2060
Fax: 585-242-9441
|
|
|
|
|
|
| You are not authorized to post a reply. |
|
|
|
ActiveForums 3.6
|
|
|
|
|
|
|
|
|
|
|
|