US-CERT Alert: W32/Sober Revisited
May 16, 2005 -- Since the W32/Sober mass-mailing virus first appeared on the Internet, US-CERT continues to see new variants appearing and many variants (new and old) continuing to spread. Many variants of W32/Sober are known to use their own SMTP engine to spread through email.
The most recent variant, W32/Sober.Q, appears to harvest email addresses from various files on the system and then sends out email messages with the following characteristics:
* Spoofed From address
* A Subject line that may be in either English or German and is selected from a predetermined list.
* Body text that may be in either English or German and is selected from a predetermined list. The body of the message may contain a URL.
US-CERT strongly encourages users to install anti-virus software, and keep its virus signature files up-to-date.
You may also wish to visit US-CERT's computer virus resources page.
[ Comment, Edit or Article Submission ]
