Este es el Virus Virus Profile: W32/Sober@MM!M681 con Códigos de la CIA.
Virus Profile: W32/Sober@MM!M681
Name:
W32/Sober@MM!M681
Risk Assessment
- Home Users:
Medium
- Corporate Users:
Medium
Date Discovered:
11/22/2005
Date Added:
11/22/2005
Origin:
Unknown
Length:
55,390 bytes (PE)
Type:
Virus
SubType:
E-mail
DAT Required:
4629
Virus Characteristics
-- Update November 22, 2005 -- The risk assessment of this threat has been upgraded to Medium due to the amount of spam being seen from this variant, Mcafee customers have been protected since the 4629 dat files released on November 16th , which detected this as W32/Sober.gen@MM. If you, or your customers, are running at least these dat files, there will be no action required. Specific named detection as W32/Sober@MM!M681 (to reflect the assigned CME ID number) will be added to the 4635 DATs.
This Sober variant was being seeded on Nov 21st. It arrives as an email attachment, along with various message subjects and bodies, such as:
Subject: hi, ive a new mail addressBody: hey its me, my old address dont work at time. i dont know why?!in the last days ive got some mails. i' think thaz your mails but im not sure!
plz read and check ...cyaaaaaaa
Subject: Registration ConfirmationorSubject: Your PasswordBody: Account and Password Information are attached!
Subject: Paris Hilton & Nicole RichieBody:The Simple Life:
View Paris Hilton & Nicole Richie video clips , pictures & more ;)Download is free until Jan, 2006!
Please use our Download manager.
Subject: You visit illegal websitesBody:Dear Sir/Madam,
we have logged your IP-address on more than 30 illegal Websites.
Important:Please answer our questions!The list of questions are attached.Yours faithfully,Steven Allison
++++ Central Intelligence Agency -CIA-++++ Office of Public Affairs++++ Washington, D.C. 20505
++++ phone: (703) 482-0623++++ 7:00 a.m. to 5:00 p.m., US Eastern time
Subject: You visit illegal websitesBody:Dear Sir/Madam,
we have logged your IP-address on more than 30 illegal Websites.
Important:Please answer our questions!The list of questions are attached.
Yours faithfully,Steven Allison
*** Federal Bureau of Investigation -FBI-*** 935 Pennsylvania Avenue, NW, Room 3220*** Washington, DC 20535*** phone: (202) 324-3000
Subject: Registration_ConfirmationBody:Protected message is attached!
***** Go to: http://www.your_domain ***** Email: postman@your_domain
Body:Glueckwunsch: Bei unserer EMail Auslosung hatten Sie und weitere neun Kandidaten Glueck.Sie sitzen demnaechst bei Guenther Jauch im Studio! Weitere Details ihrer Daten entnehmen Sie bitte dem Anhang.
+++ RTL interactive GmbH+++ Geschaeftsfuehrung: Dr. Constantin Lange+++ Am Coloneum 1+++ 50829 Koeln+++ Fon: +49(0) 221-780 0 oder
Body:Bei uns wurde ein neues Benutzerkonto mit dem Namen beantragt.Um das Konto einzurichten, benoetigen wir eine Bestaetigung, dass die bei der Anmeldung angegebene e-Mail-Adresse stimmt.
Body:Bitte senden Sie zur Bestaetigung den ausgefuellten Anhang an uns zurueck.Wir richten Ihr Benutzerkonto gleich nach Einlangen der Bestaetigung ein und verstaendigen Sie dann per e-Mail, sobald Sie Ihr Konto benutzen koennen.Vielen Dank
Attachment:
reg_pass-data.zip
reg_pass.zip
question_list.zip
mailtext.zip
mail_body.zip
mail.zip
list.zip
email_text.zip
The zip file contains the files file-packed_datainfo.exe [55,390 bytes].
Pablo Ramírez Torrejón
Name:
W32/Sober@MM!M681
Risk Assessment
- Home Users:
Medium
- Corporate Users:
Medium
Date Discovered:
11/22/2005
Date Added:
11/22/2005
Origin:
Unknown
Length:
55,390 bytes (PE)
Type:
Virus
SubType:
DAT Required:
4629
Virus Characteristics
-- Update November 22, 2005 -- The risk assessment of this threat has been upgraded to Medium due to the amount of spam being seen from this variant, Mcafee customers have been protected since the 4629 dat files released on November 16th , which detected this as W32/Sober.gen@MM. If you, or your customers, are running at least these dat files, there will be no action required. Specific named detection as W32/Sober@MM!M681 (to reflect the assigned CME ID number) will be added to the 4635 DATs.
This Sober variant was being seeded on Nov 21st. It arrives as an email attachment, along with various message subjects and bodies, such as:
Subject: hi, ive a new mail addressBody: hey its me, my old address dont work at time. i dont know why?!in the last days ive got some mails. i' think thaz your mails but im not sure!
plz read and check ...cyaaaaaaa
Subject: Registration ConfirmationorSubject: Your PasswordBody: Account and Password Information are attached!
Subject: Paris Hilton & Nicole RichieBody:The Simple Life:
View Paris Hilton & Nicole Richie video clips , pictures & more ;)Download is free until Jan, 2006!
Please use our Download manager.
Subject: You visit illegal websitesBody:Dear Sir/Madam,
we have logged your IP-address on more than 30 illegal Websites.
Important:Please answer our questions!The list of questions are attached.Yours faithfully,Steven Allison
++++ Central Intelligence Agency -CIA-++++ Office of Public Affairs++++ Washington, D.C. 20505
++++ phone: (703) 482-0623++++ 7:00 a.m. to 5:00 p.m., US Eastern time
Subject: You visit illegal websitesBody:Dear Sir/Madam,
we have logged your IP-address on more than 30 illegal Websites.
Important:Please answer our questions!The list of questions are attached.
Yours faithfully,Steven Allison
*** Federal Bureau of Investigation -FBI-*** 935 Pennsylvania Avenue, NW, Room 3220*** Washington, DC 20535*** phone: (202) 324-3000
Subject: Registration_ConfirmationBody:Protected message is attached!
***** Go to: http://www.your_domain ***** Email: postman@your_domain
Body:Glueckwunsch: Bei unserer EMail Auslosung hatten Sie und weitere neun Kandidaten Glueck.Sie sitzen demnaechst bei Guenther Jauch im Studio! Weitere Details ihrer Daten entnehmen Sie bitte dem Anhang.
+++ RTL interactive GmbH+++ Geschaeftsfuehrung: Dr. Constantin Lange+++ Am Coloneum 1+++ 50829 Koeln+++ Fon: +49(0) 221-780 0 oder
Body:Bei uns wurde ein neues Benutzerkonto mit dem Namen beantragt.Um das Konto einzurichten, benoetigen wir eine Bestaetigung, dass die bei der Anmeldung angegebene e-Mail-Adresse stimmt.
Body:Bitte senden Sie zur Bestaetigung den ausgefuellten Anhang an uns zurueck.Wir richten Ihr Benutzerkonto gleich nach Einlangen der Bestaetigung ein und verstaendigen Sie dann per e-Mail, sobald Sie Ihr Konto benutzen koennen.Vielen Dank
Attachment:
reg_pass-data.zip
reg_pass.zip
question_list.zip
mailtext.zip
mail_body.zip
mail.zip
list.zip
email_text.zip
The zip file contains the files file-packed_datainfo.exe [55,390 bytes].
Pablo Ramírez Torrejón
posted by Pablo Ramírez Torrejón at 11:41 p. m.
0 Comments:
Publicar un comentario
<< Home