Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: New Sober variant in the wild SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New Sober variant in the wild
Yesterday we got some messages about a possible new variant of the Sober virus to be released today. The F-Secure Weblog was one of the sources that posted a press release of the Bavarian Police warning about the new variant. And looks like they got it right...At least according Symantec (calling Sober.S) and F-Secure (calling Sober.V) and CA (calling it Sober.S).
According the first reports received , is is spreading with an email with something that looks like a zipped excel attachment. But, Symantec only says about a zipped I imagine that could be alot of different extensions.
The subject and body may be in english or german. Like the following subjects:

  • Thanks for your registration.
  • Hi, Ich bin's

So, watch out and warn your users.
Thanks to Juha-Matti adn Alex for the updates on this.

Update: McAfee reports 3 different variants since yesterday (which may be today according your time zone...)

Handler on Duty: Pedro Bueno (pbueno //%%// isc. sans. org)

155 Posts
ISC Handler
Nov 15th 2005

Sign Up for Free or Log In to start participating in the conversation!