New Sober variant in the wild
Yesterday we got some messages about a possible new variant of the Sober virus to be released today. The F-Secure Weblog was one of the sources that posted a press release of the Bavarian Police warning about the new variant. And looks like they got it right...At least according Symantec (calling Sober.S) and F-Secure (calling Sober.V) and CA (calling it Sober.S).
According the first reports received , is is spreading with an email with something that looks like a zipped excel attachment. But, Symantec only says about a zipped one...so I imagine that could be alot of different extensions.
The subject and body may be in english or german. Like the following subjects:
So, watch out and warn your users.
Thanks to Juha-Matti adn Alex for the updates on this.
Update: McAfee reports 3 different variants since yesterday (which may be today according your time zone...)
Sober.U
Sober.V
Sober.T
Update 2: F-secure just published that they are already detecting 5 new Sober Variants .
--------------------------------------------------------------
Handler on Duty: Pedro Bueno (pbueno //%%// isc. sans. org)
According the first reports received , is is spreading with an email with something that looks like a zipped excel attachment. But, Symantec only says about a zipped one...so I imagine that could be alot of different extensions.
The subject and body may be in english or german. Like the following subjects:
- Thanks for your registration.
- Hi, Ich bin's
So, watch out and warn your users.
Thanks to Juha-Matti adn Alex for the updates on this.
Update: McAfee reports 3 different variants since yesterday (which may be today according your time zone...)
Sober.U
Sober.V
Sober.T
Update 2: F-secure just published that they are already detecting 5 new Sober Variants .
--------------------------------------------------------------
Handler on Duty: Pedro Bueno (pbueno //%%// isc. sans. org)
Keywords:
0 comment(s)
×
![modal content]()
Diary Archives
Comments