November 21st, 2004, 10:58 PM
I got this in an email from a-squared today:
The latest version of the Sober worm is spreading fast. As with its predecessors, Sober.I spreads by email attachments. The email text suggests that it is an error message from the mailserver and the undelivery report is attached.
Current email clients like Outlook or Outlook Express are able to block harmful file extensions like EXE, COM or SCR, but Sober.I sometimes comes packed in a ZIP file to bypass Outlook security. The ZIP file itself is not harmful, but the content inside (an executable file with variable file name) contains the worm and must not be opened!
A more detailed description of the worm can be found at the a² Malware Database:
Sober.I can be detected and removed with a² Free and a² Personal with the latest signature updates. The latest version a² Personal background guard will block the worm if it is started. Please run the a² Online-Update immediately and ensure that the new automatic update feature in a² Personal is enabled.
"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
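An added example, not part of the original posts or of any a² product: a mail-side check that looks inside ZIP attachments for the executable the advisory describes, flagging members by extension and, because the file name varies, by the `MZ` header as well. The function names, the extra PIF/BAT extensions and the sample message are assumptions constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# EXE, COM and SCR are the extensions named in the post; PIF and BAT are assumed extras.
BLOCKED_EXT = {".exe", ".com", ".scr", ".pif", ".bat"}

def risky_zip_members(zip_bytes):
    """Return (member name, reason) pairs for members that look executable."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return [("<archive>", "unreadable zip")]
    with archive:
        for info in archive.infolist():
            ext = os.path.splitext(info.filename)[1].lower()
            if ext in BLOCKED_EXT:
                findings.append((info.filename, "blocked extension " + ext))
            elif info.flag_bits & 0x1:  # encrypted: content cannot be inspected
                findings.append((info.filename, "encrypted member"))
            else:
                with archive.open(info) as fh:
                    if fh.read(2) == b"MZ":  # DOS/PE header under another name
                        findings.append((info.filename, "MZ header, renamed executable"))
    return findings

def scan_message(raw):
    msg = message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if fname.lower().endswith(".zip") or payload[:4] == b"PK\x03\x04":
            report[fname] = risky_zip_members(payload)
    return report

def build_sample():
    """Constructed sample: a fake bounce with a ZIP holding harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("report.txt.scr", b"MZ placeholder, not a program")
        z.writestr("details.dat", b"MZ placeholder, not a program")
    msg = EmailMessage()
    msg.set_content("The undelivery report is attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="report.zip")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` returns a dict keyed by attachment name, listing each flagged member with the reason it was flagged.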
November 22nd, 2004, 02:46 PM
As a preventative measure try Mobius Outlook Security (from Mobiusware) and Scrip Trap.
Couple of little utes that check for executables running from where they should not.
Either you see the script in notepad or you are forced to download and run the malware manually.
They are freebies, use little systems overhead and have saved a few a$$es I can think of.
November 22nd, 2004, 05:12 PM
November 22nd, 2004, 05:15 PM
Proof that SxE is a virus The Sober Worm