CME-681: Sober variant from FBI/CIA etc
I'm seeing a truly massive amount of activity on a new Sober variant claiming to be from the FBI, CIA or various other agencies.
It's been tagged as CME-681, see http://cme.mitre.org/data/list.html#681 which is variously:
Quote:
CA: Win32.Sober.W
F-Secure: Sober.Y
Kaspersky: Email-Worm.Win32.Sober.y
McAfee: W32/Sober@MM!M681
Norman: W32/Sober.AA@mm
Panda: W32/Sober.AH.worm
Sophos: W32/Sober-Z
Symantec: W32.Sober.X@mm
TrendMicro: WORM_SOBER.AG
F-Secure make a mention of it in their weblog: http://www.f-secure.com/weblog/
Lots of good links here: http://isc.sans.org/diary.php?storyid=880
The interesting thing about this one is the social engineering aspect. So, even if you have up-to-date signatures for this particular virus, it's quite likely that the "from the FBI" approach will be used for new viruses too, so perhaps you may want to check out the articles and apply some filtering to your inbound mail as a precaution.
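
One way to express the precautionary filtering suggested above, as an added example that is not part of the original post: a heuristic that keys on the lure (a sender claiming to be an agency) plus a risky attachment rather than on a virus signature. The agency list, the extension list, the verdict names and the sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumptions, not from the post: which sender claims count as the lure and
# which attachment types are risky. Tune both for your own mail flow.
AGENCY_DOMAINS = ("fbi.gov", "cia.gov")
AGENCY_WORDS = {"fbi", "cia"}
RISKY_EXT = (".zip", ".exe", ".scr", ".pif", ".com", ".bat")

def claims_agency(msg):
    """True if the From header's display name or domain names an agency."""
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    if any(domain == d or domain.endswith("." + d) for d in AGENCY_DOMAINS):
        return True
    # Whole-word match so that e.g. "Patricia" does not hit "cia".
    return bool(AGENCY_WORDS & set(re.findall(r"[a-z]+", name.lower())))

def risky_attachments(msg):
    """File names of all MIME parts whose extension is on the risky list."""
    names = [part.get_filename() or "" for part in msg.walk()]
    return [n for n in names if n.lower().endswith(RISKY_EXT)]

def verdict(raw):
    """Signature-independent decision for one raw inbound message."""
    msg = message_from_bytes(raw, policy=policy.default)
    if not claims_agency(msg):
        return "pass"
    return "quarantine" if risky_attachments(msg) else "tag"

def sample(sender, attachment=None):
    """Build a constructed test message (not a captured Sober sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", "Constructed sample"
    m.set_content("Constructed body text.")
    if attachment:
        m.add_attachment(b"PK\x05\x06" + bytes(18), maintype="application",
                         subtype="zip", filename=attachment)
    return m.as_bytes()

if __name__ == "__main__":
    for s, a in [("FBI Office <mail@fbi.gov>", "list.zip"),
                 ("Patricia <pat@example.org>", "photos.zip"),
                 ("CIA Office <someone@example.net>", None)]:
        print(s, "->", verdict(sample(s, a)))
```

Because the From header is trivially forged, a rule like this works in either direction only as a triage signal: it catches the lure, and a "tag" verdict leaves the final call to the recipient or a second filter.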