
SANS ISC: New Sober variant in the wild - Internet Security | DShield SANS ISC InfoSec Forums


New Sober variant in the wild
Yesterday we got some messages about a possible new variant of the Sober virus to be released today. The F-Secure Weblog was one of the sources that posted a press release of the Bavarian Police warning about the new variant. And it looks like they got it right... at least according to Symantec (calling it Sober.S), F-Secure (calling it Sober.V) and CA (calling it Sober.S).
According to the first reports received, it is spreading via an email with something that looks like a zipped Excel attachment. But Symantec only mentions a zipped one, so I imagine that there could be a lot of different extensions.
The subject and body may be in English or German, as in the following subjects:

  • Thanks for your registration.
  • Hi, Ich bin's

So, watch out and warn your users.
Thanks to Juha-Matti and Alex for the updates on this.

Update: McAfee reports 3 different variants since yesterday (which may be today according to your time zone...):

  • Sober.U
  • Sober.V
  • Sober.T

--------------------------------------------------------------
Handler on Duty: Pedro Bueno (pbueno //%%// isc. sans. org)