Sober gives you Your New Password
Friday, October 07, 2005
Author: Richard S. Westmoreland
Permalink: sober-new-password
A new Sober variant is making the rounds, attempting to convince unsuspecting people that their network administrator has changed their password.
The email the worm sends is not particularly convincing - but it is still worth noting because sometimes it is vagueness that catches our curiosity. The subject is "Your new Password", and the body reads "Your password was successfully changed! Please see the attached file for detailed information." Attached is a zip file named pword_change.zip, which contains PW_Klass.Pic.packed-bitamp.exe or Screen_Photo.jpeg-graphic1.exe. There are also some German alternatives to this email.
If you're foolish enough to try and run these executables, you may get a fake error message that displays "Error in packed file! CRC Header must be $7ff8", at which point several files are created in the folder ConnectionStatus under the WINDOWS directory (netslot.nst, services.exe, socket.dli). Registry keys are also added to load the files on startup.
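A mail-gateway check for the lure described above, as an added example that is not part of the original alert or any vendor's code. It flags the subject, the pword_change.zip attachment name, and zip members whose names carry a media-looking token ahead of an executable extension; the extension lists and the sample message are assumptions constructed for this example.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators quoted in the alert above.
LURE_SUBJECT = "your new password"
LURE_ZIP = "pword_change.zip"
# A media-looking token followed later by an executable extension, e.g.
# "Screen_Photo.jpeg-graphic1.exe" (extension lists are this example's assumption).
DISGUISED_EXE = re.compile(r"\.(jpe?g|pic|gif|bmp|png)\b.*\.(exe|scr|pif|com|bat)$", re.I)


def scan_message(raw: bytes) -> list[str]:
    """Return findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    if LURE_SUBJECT in (msg["Subject"] or "").lower():
        findings.append("subject matches lure")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name == LURE_ZIP:
            findings.append("attachment named " + LURE_ZIP)
        if not name.endswith(".zip"):
            continue
        try:
            members = zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))).namelist()
        except zipfile.BadZipFile:
            findings.append("unreadable zip attachment")
            continue
        findings += ["disguised executable " + m for m in members if DISGUISED_EXE.search(m)]
    return findings


def build_sample(member_name: str) -> bytes:
    """Constructed sample mail; the zip member holds placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"constructed placeholder, not a real binary")
    msg = EmailMessage()
    msg["Subject"] = "Your new Password"
    msg.set_content("Your password was successfully changed!")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=LURE_ZIP)
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample("Screen_Photo.jpeg-graphic1.exe")))
```

The name-pattern check is what still fires if the subject or archive name differs, as with the German alternatives the alert mentions.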
For more information about this Sober variant, visit:
McAfee - W32/Sober.r@MM