KNOWLEDGEBASE
- Article Overview
- All News
- Malware Database
- Portlist
- Behavior Blocker
- Online Help
- Subscribe to Newsletter
NEWS
-
5/15/2012:
Fraud attempts on Facebook – how to protect yourself -
5/8/2012:
Emsisoft is growing and thriving - thanks to you! Details to upcoming news. -
4/25/2012:
New version: Emsisoft Anti-Malware 6.5 available! -
4/19/2012:
Emsisoft warns about a new ACCDFISA ransomware threat wave on Windows servers -
4/11/2012:
Emsisoft Commandline Scanner overview - Preview of Emsisoft Anti-Malware 6.5
RECOMMENDED!
EMSISOFT PRODUCTS
Worm.Win32.Sober.L Alert!
A new variant of the Sober worm is spreading fast. As with its predecessors, Sober.L spreads as an email attachment in emails which are sent to all email addresses found on the victim's harddisk. Even if the executable file is packed in a .ZIP file, many users open the file and activate the worm this way. For novice users it's hard to see that it is a worm generated email because the email subject is "your password + accountnumber !". The email body text is the following:
hi,
i've got an admin mail with a Password and Account info!
but the mail recipient are you! it's probably an esmtp error, i think.
i've copied the full mail text in the Windows text-editor & zipped.
ok, cya...
The recipient is advised to open the attached file "Acc_text.zip". The worm also spreads in a German version, which is used on all German email addresses. The German subject is "ich habe ihre e-mail bekommen !". The email body text is:
Hallo,
jemand schickt ihre privaten Mails auf meinem Account.
Ich schaetze mal, das es ein Fehler vom Provider ist.
Insgesamt waren es jetzt schon 6 Mails!
Ich habe alle Mail-Texte im Texteditor kopiert und gezippt.
Wenn es doch kein Fehler vom Provider ist, sorge dafuer das diese Dinger nicht mehr auf meinem Account landen, es Nervt naemlich.
Gruss
If you start the worm, you will see this window:
More details about Sober.L can be found at the a-squared malware database:
http://www.emsisoft.com/en/malware/?Worm.Win32.Sober.L
Protection:
a-squared Free users are advised to run the online update, to be able to remove the worm if the computer becomes infected.
a-squared Personal users are protected, even if they don't have the latest online updates installed. The new IDS technology of the background guard immediately detects and blocks the worm with the behavior analysis if it manages to run. The a-squared alert window looks like this when the worm is started:
3/8/2005 - Discuss this article in the forum
 |
How would you rate the quality of this content? | ||||||||||||||
|
|||||||||||||||
Spring Offer!
Don't miss this: To your bought 1-year license of Emsisoft Anti-Malware or Emsisoft Internet Security Pack or higher you can now get
a free license of the CyberGhost Anonymizer for free.
Your advantage: Surf anonymously and visit websites that are restricted in your country.
Only a few days left! Order here
