Email a Friend
Print
Larger
SmallerSystems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003e, Windows XP.
The e-mail will have the following characteristics:
From: Spoofed.
Subject: One of the following:
* Re:YourPassword
* Re:RegistrationConfirmation
* Re:Youremailwasblocked
* Re:malingerror
* Re: [blank]
Body: One of the following:
* ok ok ok,,,,, here is it
* Account and Password Information are attached!
Visit: http:/ /www.[random domain]
* This is an automatically generated E-Mail Delivery Status Notification.
Mail-Header, Mail-Body and Error Description are attached
Appends one of the following randomly to the bottom of the message:
* Attachment-Scanner: Status OK
* AntiVirus: No Virus found
* Server-AntiVirus: No Virus (Clean)
* http://www.[random domain]
Attachment: One of the following:
* our_secret.zip
* mail_info.zip
* error-mail_info.zip
* account_info.zip
* account_info-text.zip
Note: The attachment will be a zip file containing a copy of the worm. The file name within the zip file will be Winzipped-Text_Data.txt[many spaces].pif or Winzipped-Text_Data.txt[many spaces].exe.
As a general rule, users should avoid opening the attachments of unsolicited e-mail. To protect your PC from this worm you should be running Symantec virus definitions version 70502y (extended version: 5/2/2005 rev. 25) or greater are required to detect this threat. If you do not have Symantec AntiVirus already installed on your computer system please visit http://www.bsu.edu/antivirus/.
Also all Windows computer users should be perform regular updates by going to http://windowsupdate.microsoft.com/ or by configuring the Windows Update Service to perform automatic updates to your computer.
When W32.Sober.O@mm is executed, it displays a WinZip Self-Extractor Error Text Box:
