wenwilder
11-19-2004, 04:02 PM
--> What is it?
W32/Sober.j@MM is a Medium Risk mass-mailing worm that
arrives as an email attachment. When run, the worm displays
a series of fake error messages (e.g., WinZip_Data_Module is
missing ~Error: {2A0DCCF6}), infects the host computer and
emails itself to stolen email addresses using the infected
computer's Internet connection.
--> What should I look for?
FROM: Varies (forged addresses taken from infected system)
SUBJECT: Example: FwD: illegal signs in your email
BODY: Example: More info about--GZIP--under: wwwgzip.org
ATTACHMENT: Examples: mail.4052.scr, verisign.2095.pif,
re_mail8831.bat
--> How do I know if I've been infected?
Fake error messages displayed. Increased network traffic on
TCP port 37. Alerts from a desktop firewall (if installed)
that a new application is trying to access the Internet.
View details about W32/Sober.j@MM (http://us.mcafee.com/root/campaign.asp?cid=12696) here. (McAfee)
W32/Sober.j@MM is a Medium Risk mass-mailing worm that
arrives as an email attachment. When run, the worm displays
a series of fake error messages (e.g., WinZip_Data_Module is
missing ~Error: {2A0DCCF6}), infects the host computer and
emails itself to stolen email addresses using the infected
computer's Internet connection.
--> What should I look for?
FROM: Varies (forged addresses taken from infected system)
SUBJECT: Example: FwD: illegal signs in your email
BODY: Example: More info about--GZIP--under: wwwgzip.org
ATTACHMENT: Examples: mail.4052.scr, verisign.2095.pif,
re_mail8831.bat
--> How do I know if I've been infected?
Fake error messages displayed. Increased network traffic on
TCP port 37. Alerts from a desktop firewall (if installed)
that a new application is trying to access the Internet.
View details about W32/Sober.j@MM (http://us.mcafee.com/root/campaign.asp?cid=12696) here. (McAfee)